On 09/17/2015 12:46 PM, Akemi Yagi wrote: > > I also suspect this is a grub2 issue. Perhaps, you may want to file a > bug report [against grub2] at http://bugs.centos.org so that this can > be followed properly. Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate" [root at vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fb81b3cb808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Inc. No signer email address. Signing time: Thu Mar 26, 2015 There were certs or crls included. --------------------------------------------- [root at vagrant ~]# pesign --show-signature --in /var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fde869bd808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Test Certificate No signer email address. Signing time: Tue Sep 15, 2015 There were certs or crls included. ---------------------------------------------