The Fedora Secure Boot CA certificate shipped with shim-x64 in Fedora 38 was expired which could lead to old or invalid signed boot components being loaded.