Am 29.07.20 um 20:54 schrieb Phil Perry: > On 29/07/2020 19:43, Leon Fauster via CentOS wrote: >> >> Did you got managed to boot kernel-4.18.0-193.14.2.el8_2 or a newer one? >> I must still boot into kernel-4.18.0-147.8.1.el8_1.x86_64 ... and with >> the upcoming new kernel that depends on a new shim and grub2 package I >> wonder about the implications for my XPS hardware ... >> > > The following article discusses a way to add a hash for older kernels to > the Allow List that should allow older kernels to continue to boot: > > https://access.redhat.com/security/vulnerabilities/grub2bootloader > > Quoting... > > Red Hat Enterprise Linux 8 > > Due to hardening within the kernel, which is released as part of these > updates, previous Red Hat Enterprise Linux 8 kernel versions have not > been added to shim’s allow list. If you are running with Secure Boot > enabled, and the user needs to boot to an older kernel version, its hash > must be manually enrolled into the trust list. This is achieved by > executing the following commands: > > # pesign -P -h -i /boot/vmlinuz-<version> > > # mokutil --import-hash <hash value returned from pesign> > > # reboot > Thank you very much, Phil! This helps to boot the old kernel. Also the newer kernel-4.18.0-193.14.2.el8_2.x86_64 can not boot on this notebook (Intel i7-8750H (06-9e-0a) / DELL XPS 15 9570). I had open a bug report already (not public as usual for kernels) https://bugzilla.redhat.com/show_bug.cgi?id=1848743 Does someone else has this problem? -- Leon