This update for shim fixes the following issues: This update addresses the "BootHole" security issue , by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install - Only check EFI variable copying when Secure Boot is enabled - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. - shim-install: install MokManager to \EFI\boot to process the pending MOK request