Secure boot seems to not be active in fedora silverblue 36?

I installed fedora silverblue 36 (as my secure boot was already on, previous OS was Ubuntu).
But then i just noticed that i can insmod any module that i just built!
Followed this:

My /boot/efi/EFI/fedora/grub.cfg content is the same as the answer to that post, and my fedora line in efibootmgr -v is:

Boot0000* Fedora HD(1,GPT,xxx)/File(\EFI\FEDORA\SHIMX64.EFI)

And secure boot is still on in my UEFI setting.

dmesg | grep secureboot output:

“secureboot: Secure boot disabled”

bootctl output:

Secure Boot: disabled (unknown)

So what is happening, why is secure boot not working even tho secure boot is on in my UEFI?

It can’t be? If your system was enforcing secure boot and fedora wasn’t, it wouldn’t boot.

That’s what’s confusing me, but this is a picture from my UEFI setting (its asus VIII hero):

And i can’t make sense of it.

Another funny thing is that my nvidia drivers that are loaded are not even signed, even tho i followed these guides:

Howto/NVIDIA - RPM Fusion (and the secure boot guide page which signs the modules)

which seems to be related to this problem:

Note that my secure boot worked fine when i was using Ubuntu, and only signed modules were able to load.
And I’m not even able to turn the secure boot state off from the UEFI bios settings, can’t even select it, it just says that its enabled! And my UEFI firmware is the latest version.

Some BIOSes require OS Type to be set to WIndows for Secure Boot to work. Is that the case with yours?

Not that i know of, because when i was using Ubuntu with secure boot it was selected as other OS as well and everything was working as intended.
Are you suggesting i should set this setting to windows to resolve the problem? Is there any risk in changing this?

And i assume i should try to sign my nvidia drivers before trying any solution, because if not it will brick the system right? Probably have to follow up with that github issue that i posted and see if any of the solutions work.

I also get the following in the journalctl -xb output when i grep -i secure:

Jul 24 16:38:17 fedora kernel: secureboot: Secure boot disabled
Jul 24 16:38:17 fedora kernel: secureboot: Secure boot disabled
Jul 24 16:38:21 fedora systemd[1]: [akmods-keygen@akmods-keygen.service](mailto:akmods-keygen@akmods-keygen.service) - Akmods Secure boot MOK Key Generation was skipped because all trigger condition checks failed.

Another thing i noticed is that the nvidia-powerd.service service is failing:

systemctl status nvidia-powerd.service
× nvidia-powerd.service - nvidia-powerd service
     Loaded: loaded (/usr/lib/systemd/system/nvidia-powerd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2022-08-05 07:57:22 +0430; 2h 0min ago
    Process: 859 ExecStart=/usr/bin/nvidia-powerd (code=exited, status=1/FAILURE)
   Main PID: 859 (code=exited, status=1/FAILURE)
        CPU: 4ms

Aug 05 07:57:22 fedora systemd[1]: Starting nvidia-powerd.service - nvidia-powerd service...
Aug 05 07:57:22 fedora /usr/bin/nvidia-powerd[859]: nvidia-powerd version:1.0(build 1)
Aug 05 07:57:22 fedora /usr/bin/nvidia-powerd[859]: No matching GPU found
Aug 05 07:57:22 fedora /usr/bin/nvidia-powerd[859]: Failed to initialize RM Client
Aug 05 07:57:22 fedora systemd[1]: nvidia-powerd.service: Main process exited, code=exited, status=1/FAILURE
Aug 05 07:57:22 fedora systemd[1]: nvidia-powerd.service: Failed with result 'exit-code'.
Aug 05 07:57:22 fedora systemd[1]: Failed to start nvidia-powerd.service - nvidia-powerd service.

Even tho the drivers are loaded just fine, and nvidia-smi command shows me the proper driver version and everything works fine (gaming, etc)

Anyone has any idea what is happening?

Side note: I verified that nvidia driver is not signed using

lsmod drivername | grep sign

Aug 05 07:57:22 fedora /usr/bin/nvidia-powerd[859]: No matching GPU found

Might want to double check the requirements, Chapter 23. Dynamic Boost on Linux

Yeah when i run

nvidia-settings -q DynamicBoostSupport

I get this:

ERROR: Error resolving target specification '' (No targets match target specification), specified in query 'DynamicBoostSupport'.

But i assume this has nothing to do with the Secure boot problem correct?

Correct.

So i followed up the following solution to sign the nvidia drivers in silverblue:

https://github.com/fedora-silverblue/issue-tracker/issues/272#issuecomment-1170279690

Afterwards, i went into my UEFI settings and changed the OS type from Other OS to Windows UEFI mode, and it solved the problem:

 dmesg | grep secureboot 
[    0.000000] secureboot: Secure boot enabled
[    0.007731] secureboot: Secure boot enabled

bootctl
System:
Firmware: n/a (n/a)
Secure Boot: enabled (user)

So can anyone here make sense of what just happened? Why changing the OS type in my UEFI setting from other type to Windows UEFI mode solved the problem, even tho i do not have any Windows installed and i only have the silverblue as my main OS? Note that when i had Ubuntu, the OS type was Other OS, and secure boot worked without any problems.

And what is the effect of changing the OS type in UEFI setting from Other OS to Windows UEFI mode?