Description of problem: On a Dell XPS13 (9360), the shim displays a message at boot that it is "Booting in insecure mode". The install has been done over the vendor Ubuntu install, using the Fedora 25 installer, and upgraded since. The issue has always been there. Secure boot is enabled in the UEFI configuration interface. The kernel indeed reports that it has been booted with secure boot disabled: $ dmesg | grep Secure [ 0.000000] secureboot: Secure boot disabled however, mokutil seems to report that secure boot is indeed enabled: $ mokutil --sb-state SecureBoot enabled Version-Release number of selected component (if applicable): shim-signed-13-0.7.src.rpm How reproducible: 100% Steps to Reproduce: 1. Boot the machine, see your Schrödinger's boot :) Actual results: Secure boot is disabled Expected results: Secure boot is enabled Let me know if you need anything else, thanks!
I've just configured an XPS 13 (9370) and had the exactly the same thing. It's rather concerning that something has (effectively silently, to a non-technical user) disabled an important security feature.
This has been discussed here: https://bugzilla.redhat.com/show_bug.cgi?id=1544794 You need to run mokutil --enable-validation (as root), reboot, and it should work. *** This bug has been marked as a duplicate of bug 1544794 ***