This is a quick recovery and fix for the machines rendered unbootable after the grub2/shim yum update. It is written for CentOS 8.2.2004 but similar should work for any CentOS 8 or 7 as long as you get the correct shim file, that is, the one from the latest installation media. I am running on an x86_64 architecture (see uname -i). Please use the correct shim file for your architecture (shim-<arch>-15-11.el8.<arch>.rpm) I have tested this by breaking a machine and then recovering it. It works for me. I hope someone finds it useful. Let me know. Regards Alan HOW TO BOOT AN UNBOOTABLE MACHINE ================================= 1) Download a copy of rEFind. This is a UEFI boot manager. Burn it to a USB key. # wget -O refind.zip http://sourceforge.net/projects/refind/files/0.12.0/refind-flashdrive-0.12.0.zip/download # unzip refind.zip # cd refind-flashdrive-0.12.0 # dd if=refind-flashdrive-0.12.0.img bs=4096 of=/dev/sdX (sdX is the device for your USB key, this will be erased, use the whole device use sdX not sdX1) 1800+0 records in 1800+0 records out 7372800 bytes (7.4 MB, 7.0 MiB) copied, 0.980893 s, 7.5 MB/s 2) Turn off secureboot in your UEFI hardware. 3) Boot the USB key. You should get a colourful screen with icons and a filename below. Use the left/right arrow keys to select the correct grubx64.efi. Hit space to boot. Your usual grub menu should appear and the system should boot normally. HOW TO FIX THE PROBLEM ===================== 1) We need to downgrade the shim package. Now your system is running get an older copy of the correct shim package for your architecture from the CentOS installation media (e.g. CentOS-8.2.2004-x86_64-dvd1.iso) and install it. # mount CentOS-8.2.2004-x86_64-dvd1.iso /mnt # cd /mnt/BaseOS/Packages # cp shim-x64-15-11.el8.x86_64.rpm /root # cd /root # umount /mnt OR Get the package from a CentOS mirror: # cd /root # wget http://ucmirror.canterbury.ac.nz/linux/CentOS/8.2.2004/BaseOS/x86_64/os/Packages/shim-x64-15-11.el8.x86_64.rpm 2) We can now reinstall the older shim package using yum. This will downgrade the package to the working version. # yum install shim-x64-15-11.el8.x86_64.rpm Last metadata expiration check: 2:11:11 ago on Sun 02 Aug 2020 11:31:06 NZST. Dependencies resolved. ==================================================================================================================================================================================== Package Architecture Version Repository Size ==================================================================================================================================================================================== Downgrading: shim-x64 x86_64 15-11.el8 @commandline 647 k Transaction Summary ==================================================================================================================================================================================== Downgrade 1 Package Total size: 647 k Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Downgrading : shim-x64-15-11.el8.x86_64 1/2 Cleanup : shim-x64-15-13.el8.x86_64 2/2 Verifying : shim-x64-15-11.el8.x86_64 1/2 Verifying : shim-x64-15-13.el8.x86_64 2/2 Installed products updated. Downgraded: shim-x64-15-11.el8.x86_64 Complete! 3) Your system should now boot normally. 4) add "exclude=shim*" to /etc/yum.conf to prevent the broken one being reinstalled. You should now be able to run 'yum update'. Remove the exclude= when a proper fix becomes available.