Secure boot invalid signature in Fedora 42- Windows 11 dual boo

I’m trying to run a windows 11 - fedora 42 dual boot on a brand new computer. Windows 11 was already installed, I resized its partition, and installed fedora using a live USB key, with secure boot disabled (otherwise I couldn’t boot on the livekey). With secure boot and bitlocker disabled fedora boots fine but windows won’t allow me to log in. With bitlocker disabled and secure boot enabled, I get a secure boot error “invalid signature detected. Check Secure Boot Policy in Setup.”; when I click “continue”, the computer boots to windows (which I can then use) , bypassing Grub.
I’ve already read a number of thread on similar issues, reinstalled GRUB2 and SHIM, ran fwupdmgr (which found no possible update).

I would like to be able to boot both systems with secure boot enabled, and I’m at a bit of a loss as to what could cause the error.
Thx for your help.

Some computers have a setting which disables the certificate which is used to validate the shim and other non-microsoft software.

Oh, I found the windows 3rd parties CA were disabled in the secure boot menu. Enabling them seems to have fixed my issue.

Hey man jte remercie tellement for posting this, you just saved me probably at least an hour, if not more, in searching for solutions. This worked for me as well! I literally just made an account to post this reply. Big W