Created attachment 1898555 [details] shim v15.6-1 on ASUS B85M-E, fail to load efi Description of problem: Fedora's shim v15.6-1/v15.6-2 x86_64 can't be booted with "Invalid image", "Failed to read header: Unsupported", "Failed to load image: Unsupported" errors. This is a regression, the previous shim version v15.4-5 works fine. Fedora Rawhide Nightly ISO builds can't be booted on ASUS B85M-E motherboard. Version-Release number of selected component (if applicable): shim v15.6-2 How reproducible: 100% Steps to Reproduce: 1. Try to boot Fedora-Workstation-Live-x86_64-Rawhide-20220719.n.0.iso on ASUS B85M-E motherboard from the USB flash Actual results: ISO does not boot, fails in shim with "Invalid image" / "Unsupported" errors. Expected results: ISO boots as usual. Additional info: Similar report in shim issues, with a VM: https://github.com/rhboot/shim/issues/490 Bug report for Ventoy utility, which uses Fedora's shim v15.6-1: https://github.com/ventoy/Ventoy/issues/1707 Verbose shim output when booted on ASUS B85M-E is in attachment.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle. Changing version to 37.
Can confirm this issue is easily reproducible on the noted motherboard: Asus B85M-E. I had someone in my Discord channel report the same bug, so I went as far as to purchase the same motherboard and tested it and was able to reproduce the issue. Reverting to 15-4 shim works. F36's install ISO still uses 15-4, which is why it still works. 15-6 is only provided via updates.
Alright. Let's keep conversation on the upstream issue so that it's only in one place.
Thanks for the testing. For anyone hitting this issue before Fedora's signed shim updates: in my opinion, it is better from a security perspective to run the older, signed shim rather than disabling secureboot to run a patched, unsigned shim. (If you're able to enroll your own keys, of course you can have the best of both worlds; and if you're just testing fixes, none of this applies anyway.)
This message is a reminder that Fedora Linux 37 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 37 on 2023-12-05. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '37'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 37 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 37 entered end-of-life (EOL) status on None. Fedora Linux 37 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.