Secure Boot suddenly prevents Grub from loading

Title says it, but I’ll give more context.
I’ve been double booting Windows 11 and Fedora for some years now on my Lenovo Thinkpad T490; current Fedora is 43. The Fedora partition is encrypted but the Windows one isn’t. I’ve had Secure Boot enabled all along (Secure Boot support was one of my reasons to install Fedora).
After a couple weeks not using it, suddenly boot fails and instead of showing Grub lands me on a black screen with an error message:

error: ../../grub-core/kern/efi/sb.c:179:prohibited by secure boot policy

Only disabling Secure Boot in the UEFI BIOS settings allows the boot process to reach Grub.
So what the heck is going on? Did some update break Secure Boot? I didn’t install any custom Grub theme nor font.
I tried the command “mokutil --list-enrolled --kek” and it shows both 2011 and 2023 keys.
I also went to the Lenovo website, downloaded and ran a BIOS update I found there before reenabling Secure Boot, but no dice.

Do you have a custom grub theme installed?
Appartently that can break grub booting.
If so you can remove the custom theme and grub should be back to working.

As I wrote, I have no recollection of ever installing any theme (grub or otherwise). This is a very vanilla installation.

You should run mokutil --list-enrolled to list the certificates that would allow grub and the kernel to load. Running mokutil --list-enrolled --db list the certificates which allow the shim to be loaded, and mokutil --list-enrolled --kek lists the certificates which shows who is allowed to update the db and dbx store. Finally mokutil --list-enrolled --pk shows who can update the kek store.

There is also mokutil --list-sbat-revocations which tels which grub version is allowd. Currently it shows

sbat,1,2024040900
shim,4
grub,4
grub.peimage,2

mokutil —list-sbat-revocations shows this:

sbat,1,2021030218

I don’t know how to interpret that. The other commands produce a lot of output, equally unininteligible.

In some post somebody mentioned an “Enable Microsoft 3rd Party UEFI CA” setting, but I can’t find it. My UEFI BIOS only shows this in the “Secure Boot Configuration” page:

• Enable/Disable Secure Boot
• Secure Boot mode:
  • Standard (Only MS or Lenovo certified programs can be executed)
  • Custom (Any user certified programs can be executed)
• Reset to Setup mode (clear Platform keys to customize Secure Boot databases)
• Restore factory keys
• Clear all Secure Boot keys

Any ideas?

Which one is enabled? I would assume Custom should be the right selection as Standard would boot Windows only.

“Standard mode” is enabled, that’s why I put it in bold.

According to the Wikipedia and ArchLinux wiki pages on Secure Boot, Fedora uses Microsoft’s keys through Red Hat’s ‘shim’ implementation and nothing needs to be set up out of the box to run Fedora unless you want to compile and sign your own kernels. Other distributions refused to support Secure Boot because they saw it as a monopolistic move from Microsoft’s side or don’t want to bother with it.

Moreover, there are reports that setting Secure Boot mode to ‘custom’ or clearing UEFI keys may brick some Lenovo laptops like this one. I have no intention to take that risk! I only clicked on the general UEFI switch to disable Secure Boot as a whole and won’t touch anything else unless I know what I’m doing.

Let’s go back to the main question: Why Secure Boot stopped working without any visible change? Is anybody else affected by this?

For more context, here are the complete results of sudo bootctl status:

systemd-boot not installed in ESP.

System:
Firmware: n/a (n/a)
Firmware Arch: x64
Secure Boot: disabled
TPM2 Support: yes
Measured UKI: no
Boot into FW: supported

Current Boot Loader:
Product: GRUB 2.12
Features: 
✗ Boot counting
✗ Menu timeout control
✗ One-shot menu timeout control
✗ Default entry control
✗ One-shot entry control
✗ Support for XBOOTLDR partition
✗ Support for passing random seed to OS
✗ Load drop-in drivers
✗ Support Type #1 sort-key field
✗ Support @saved pseudo-entry
✗ Support Type #1 devicetree field
✗ Enroll SecureBoot keys
✗ Retain SHIM protocols
✗ Menu can be disabled
✗ Multi-Profile UKIs are supported
✗ Loader reports network boot URL
✗ Support Type #1 uki field
✗ Support Type #1 uki-url field
✗ Loader reports TPM2 active PCR banks
Partition: /dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa

Random Seed:
System Token: not set
Exists: no

Available Boot Loaders on ESP:
ESP: /boot/efi (/dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa)
File:
├─/boot/efi//EFI/BOOT/BOOTIA32.EFI
├─/boot/efi//EFI/BOOT/fbia32.efi
├─/boot/efi//EFI/BOOT/fbx64.efi
└─/boot/efi//EFI/BOOT/bootx64.efi

Boot Loaders Listed in EFI Variables:
Title: Fedora
ID: 0x0001
Status: active, boot-order
Partition: /dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa
File: └─/boot/efi//EFI/fedora/shimx64.efi

    Title: Windows Boot Manager
       ID: 0x0000
   Status: active, boot-order
Partition: /dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa
     File: └─/boot/efi//EFI/Microsoft/Boot/bootmgfw.efi

    Title: Linux-Firmware-Updater
       ID: 0x0002
   Status: active, boot-order
Partition: /dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa
     File: └─/boot/efi//EFI/fedora/shimx64.efi

Boot Loader Entry Locations:
ESP: /boot/efi (/dev/disk/by-partuuid/2026b026-1458-4641-a20a-aa07a156c5fa, $BOOT)
config: /boot/efi//loader/loader.conf: El fitxer o directori no existeix
token: fedora

0 entries, no entry could be determined as default.

Microsoft provides two certificates: one for Windows and built in drivers, and one for everything else. The Fedora system falls in the category of “Everything Else”. To improve security for Windows, some computers have an option to disable the second category, which is find for those who runs Windows only.

You need to run mokutil --list-enrolled --db --short and the list should include all four of these certificates.

46def63b5c Microsoft Corporation UEFI CA 2011
580a6f4cc4 Microsoft Windows Production PCA 2011
b5eeb4a670 Microsoft UEFI CA 2023
3fb39e2b8b Microsoft Option ROM UEFI CA 2023

OK, I have all of those, plus two more:

7b9e6cc3c2 ThinkPad Product CA 2012
cb02597148 Lenovo UEFI CA 2014
46def63b5c Microsoft Corporation UEFI CA 2011
580a6f4cc4 Microsoft Windows Production PCA 2011
b5eeb4a670 Microsoft UEFI CA 2023
3fb39e2b8b Microsoft Option ROM UEFI CA 2023

Here’s more detail on the first ones:

[key 1]
Owner: 7facc7b6-127f-4e9c-9c5d-080f98994345
SHA1 Fingerprint: 7b:9e:6c:c3:c2:2e:2a:f2:4f:5b:eb:27:d5:df:f7:3d:5d:74:e1:66
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:45:63:7a:d8:c2:20:df:61:ea:52:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Kanagawa, L=Yokohama, O=Lenovo Ltd., CN=Lenovo Ltd. Root CA 2012
Validity
Not Before: Jun 29 10:47:31 2012 GMT
Not After : Jun 24 10:47:31 2032 GMT
Subject: C=JP, ST=Kanagawa, L=Yokohama, O=Lenovo Ltd., CN=ThinkPad Product CA 2012
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:56:37:db:a8:c3:70:67:8e:5f:ee:64:67:7a:
16:04:71:4f:4c:c9:eb:89:2e:e9:24:3e:eb:c7:e4:
a4:74:57:ed:d2:5f:f3:a5:9f:92:8a:e3:9f:59:e3:
98:ae:66:b9:2d:01:fc:75:47:bb:b8:71:b0:b1:e6:
64:7f:1e:74:16:d6:0a:4c:1d:29:94:e1:61:41:37:
37:5e:17:d0:de:37:6a:4b:e4:30:79:62:33:cd:a0:
da:3e:b6:62:a0:69:43:27:1a:be:51:a1:73:61:13:
c7:b5:93:0b:7a:b9:25:1f:b8:0c:e3:fe:14:5b:05:
ff:84:58:a2:3b:c0:9e:e8:8a:26:49:b9:74:00:0f:
5f:1e:12:a3:6a:8b:73:de:59:35:a4:34:b3:62:70:
16:cd:73:87:7c:09:b0:77:87:91:e7:99:f7:e5:bc:
10:52:da:d7:57:27:05:54:7e:94:62:cc:33:52:1b:
5a:7b:37:10:14:47:44:2e:13:8a:d6:62:a5:22:e9:
32:54:66:02:6d:8d:5f:f3:82:cf:48:b0:21:5f:ca:
ca:88:4a:86:5a:f1:f6:2d:0b:c5:24:28:2a:49:90:
03:a0:c8:dc:39:8f:4d:41:d3:8f:cb:2b:b9:c5:cf:
8c:6e:f9:34:2c:13:1f:dc:c6:c1:db:f8:f8:b5:63:
ca:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:8B:1F:54:C1:55:04:63:F4:5F:98:70:06:40:F1:10:69:26:59:49
X509v3 Authority Key Identifier:
EF:81:91:F6:CD:17:16:41:0A:68:50:6E:54:7E:70:CD:92:05:61:6B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
ab:e4:4e:ce:fa:c2:39:f5:e1:eb:3c:93:35:a8:a8:9c:95:36:
18:c4:8e:98:be:47:fd:28:bf:42:28:8b:22:49:9b:38:23:43:
a3:69:05:58:8b:fc:47:f7:81:c5:87:3c:25:f6:bb:db:08:24:
b6:9f:cd:bf:6d:18:d7:22:14:40:01:18:73:5f:1f:79:44:cc:
74:fd:c8:f9:a9:4b:5b:3b:a3:80:c4:28:e6:42:15:26:eb:a0:
73:ec:cb:9a:83:c1:28:00:e9:27:ba:d0:e6:26:83:8a:41:2f:
09:2d:f4:65:aa:8b:24:bf:d8:c0:8e:12:b8:01:77:61:f8:9b:
61:30:00:78:90:5b:23:6c:26:b3:14:b3:24:af:4f:a6:a2:ae:
43:54:8b:3c:d6:0c:5b:82:50:b2:73:27:70:27:4c:6b:40:58:
d6:e7:24:6a:31:9e:53:0d:e8:58:50:42:60:df:b7:89:da:c9:
31:00:e0:f3:0f:88:c6:d1:9c:f3:67:f1:c8:4b:36:17:da:04:
c6:f8:c4:05:89:b3:8f:bf:0c:27:55:df:fc:da:d4:ab:34:9a:
0e:2d:63:1a:e2:50:ad:c5:5c:51:ee:be:ac:d7:4a:7d:4d:dc:
51:e1:25:4d:8e:cc:46:5c:71:d2:46:1b:f9:e2:d6:e0:50:64:
8a:8e:40:c0

[key 2]
Owner: 7facc7b6-127f-4e9c-9c5d-080f98994345
SHA1 Fingerprint: cb:02:59:71:48:26:c8:67:d1:42:2c:31:0b:88:15:01:60:39:8f:0b
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:09:48:62:90:34:75:92:87:34:95:87:23:09:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=North Carolina, O=Lenovo, CN=Lenovo UEFI CA 2014
Validity
Not Before: Jan 24 16:14:24 2014 GMT
Not After : Jan 19 16:14:24 2034 GMT
Subject: C=US, ST=North Carolina, O=Lenovo, CN=Lenovo UEFI CA 2014
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:3b:83:b8:70:b0:8b:93:4a:c8:2a:af:17:c9:
b1:99:1f:45:65:13:27:3c:0c:63:df:07:fd:f0:09:
3e:28:7c:e5:ea:2d:50:9e:d2:8a:22:d9:b4:e6:31:
54:be:7b:65:ed:aa:30:1b:cb:27:3c:7a:53:e1:4d:
8c:1f:bd:36:aa:bf:9f:74:c3:aa:a3:e8:5f:c6:43:
69:39:98:84:f1:0b:4e:89:ca:5f:24:5e:3b:19:45:
9e:7e:9f:ad:63:87:b0:60:23:14:75:f8:ca:6f:2e:
e2:c4:cf:3b:c9:9a:a0:ef:b0:bc:99:56:c3:32:47:
8c:dd:d1:1e:0e:d7:d6:12:63:71:fe:50:12:b1:42:
f0:0a:62:8a:cc:62:1a:66:1b:9c:04:97:b0:03:d3:
cb:25:87:0c:4b:ec:2f:89:d9:90:6d:63:87:b1:5f:
46:74:04:e5:7e:d1:ea:95:af:e8:5e:f9:6f:8e:af:
e8:2a:c4:8e:03:5a:8c:41:2c:0e:b2:36:5b:8c:bc:
c1:07:49:85:c9:26:9a:05:33:d9:67:c6:d8:a5:6e:
52:fc:a3:f5:10:b1:3c:88:8a:f9:b0:43:60:d0:09:
40:18:8b:ba:ae:5c:25:66:ce:00:3b:10:30:ae:f0:
16:c9:86:c8:b2:20:57:11:d5:ce:a3:ac:22:71:f9:
a4:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:91:A6:87:32:EA:EF:DD:2C:8F:FF:FC:6B:02:7E:C3:44:9E:9C:8F
X509v3 Authority Key Identifier:
4B:81:C7:50:AC:1E:A5:1F:CB:5F:FA:18:1B:74:32:CB:2D:68:62:8E
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
05:53:5b:d7:2e:69:e0:a0:fa:47:14:3f:e5:97:2a:75:3e:41:
18:ca:c3:51:60:67:1c:08:2c:ff:f3:86:ac:19:57:e7:77:07:
67:db:26:c0:9f:6a:d3:9e:53:87:c4:08:87:67:e8:ad:59:18:
eb:3d:b2:92:c8:18:3f:e9:81:7f:7f:20:c4:d4:8e:94:9a:1a:
61:64:21:67:f4:f3:19:83:bf:1c:e9:40:1c:e9:79:fc:73:98:
3f:e3:cb:ca:c3:e6:9c:9f:1d:06:27:17:9e:26:fc:cd:2f:a3:
5b:ea:5c:e8:92:2d:c1:86:38:2d:42:14:ec:30:46:93:7f:e2:
d0:ce:6e:81:ee:a1:00:23:31:ae:7e:60:77:58:83:79:97:e3:
6b:fe:d8:6b:1b:05:0a:c6:55:81:e1:9e:16:ac:ec:df:9e:36:
26:24:f2:dd:a4:9b:4a:ae:92:5b:ea:4a:2e:e6:44:16:fd:f0:
47:62:10:20:c2:b9:b1:84:27:e0:c3:30:fb:51:2b:d6:6b:d8:
9b:32:0b:6a:e4:07:ab:28:8b:01:c5:53:b0:1f:62:94:3d:68:
4b:f4:09:62:7d:f5:fb:ce:a0:ec:89:eb:1e:2a:3f:af:bf:34:
cb:bd:b0:b1:b7:1a:cf:05:67:16:f8:c8:cb:f3:4a:44:ff:2c:
85:5a:9d:dc

That looks fine. I can’t think about anything else that could explain the issue. That is hard without the system in front of me.

Just to second this, I recently had automatic updates happen yesterday and I am now running into the same exact issue. I also run a Fedora 43 dual boot with Windows 11. I do have secure boot enabled on both rather than just the 1. I’ve been running this setup for about 5 months now with no issues, so something must have gotten changed in a package update that caused this.

Did you see the news that MS has been rolling out UEFI updates? ^[1] And that “Worst case, impacted PCs might be unable to boot, or even to access UEFI after powering on.” ^[2]

1. https://www.windowslatest.com/2026/03/09/windows-11-gets-secure-boot-allowed-key-exchange-key-kek-update-on-more-pcs-requires-a-reboot-to-install/ ↩︎

2. https://www.windowslatest.com/2026/03/30/windows-11s-secure-boot-2023-updates-are-failing-across-some-pcs-exposing-a-wider-firmware-problem/ ↩︎

Thanks, I had no idea. I spent over an hour reading and trying to make sense of it.

So Windows Update is the culprit? However, I’m on Windows right now and can’t find any “Secure Boot Allowed Key Exchange Key (KEK) Update” in Windows Update’s history. Also, the PowerShell command reports “False”.

On the other hand, Windows Event Viewer started logging error messages on October 27th 2025, always the same. It seems to say that updated secure boot certificates are available but not applied to firmware. Yet I can’t pinpoint the exact update that caused everything, nor can I understand why the problem didn’t manifest itself until now, after so many months.

If I’m making sense from the long articles, should I restore factory keys? Will that plus reenabling secure boot be enough, or will I have to dabble with Windows Updates again?

Here’s the log event:

Log Name:      System
Source:        Microsoft-Windows-TPM-WMI
Date:          27/10/2025 22:45:18
Event ID:      1801
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      denkende-Fenster
Description:
Los certificados de arranque seguro actualizados están disponibles en este dispositivo, pero aún no se han aplicado al firmware. Revisa las instrucciones publicadas para completar la actualización y mantener la protección completa. Esta información de firma de dispositivo se incluye aquí.
DeviceAttributes: FirmwareVersion:N2IETA6W (1.84 );OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_20N3_BU_Think_FM_ThinkPad T490;OSArchitecture:amd64;
BucketId: 5042b1e25bad8b48a8223ce276effe064939dcf1a4cc79125d2298d2a13c7e6d
BucketConfidenceLevel:
UpdateType: 0
Para más información, consulta 
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TPM-WMI" Guid="{7d5387b0-cbe0-11da-a94d-0800200c9a66}" />
    <EventID>1801</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2025-10-27T21:45:18.5179989Z" />
    <EventRecordID>6443</EventRecordID>
    <Correlation />
    <Execution ProcessID="2352" ThreadID="7520" />
    <Channel>System</Channel>
    <Computer>denkende-Fenster</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceAttributes">FirmwareVersion:N2IETA6W (1.84 );OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_20N3_BU_Think_FM_ThinkPad T490;OSArchitecture:amd64;</Data>
    <Data Name="BucketId">5042b1e25bad8b48a8223ce276effe064939dcf1a4cc79125d2298d2a13c7e6d</Data>
    <Data Name="BucketConfidenceLevel">
    </Data>
    <Data Name="UpdateType">0</Data>
    <Data Name="HResult">0</Data>
  </EventData>
</Event>

I’m just reading a bit about this myself, so I’m not really sure. It looks like MS started rolling out these certificate updates as early as February 13, 2024, but I guess it was opt in initially. If your system picked up the updates in October, but could not apply them due to a firmware bug, a more recent update of the firmware might have suddenly allowed the certificate update to apply. Apparently those certificate updates were set to just keep retrying every 12 hours if they didn’t succeed the first time.

Considering how early GRUB loads, there are not many things that could interfere with it. I think it would have to be a firmware update of some sort.

I haven’t encountered this problem personally, but if I did, one thing I might try would be to install the shim package from the rawhide branch. I think that package is supposed to be signed by the new MS certificate. I’m not quite sure how to do that though. Maybe sudo dnf update --repo=rawhide shim\* would work?

You reported earlier

So somehow the kek has been updated.
The kek could be updated through windows or through fwupdmgr in linux. In either case the updates comes ultimately from the same source.

But the important cewrtificates are the ones found in db and these are also up-to-date according to the information you have provided.

That pretty much matches for when the db updates was made available from Microsoft, either through windows updates or from fwupd.

I assume that all grub packages are fully up-to-date and the shim packages as well. Older versions tends to become blacklisted at some point

The shim packes can be found on koji.

On my systems, the old as well as the new Microsoft certificates are installed, and that would verify the latest version of shim from Fedora 43 as well as the one from Fedora 44.