Can't boot to older kernel after applying boot hole vulnerability patch (shim update)

Solution Verified - Updated -

Issue

  • Unable to boot into older kernel after shim and grub2 package update with error you need to load the kernel first.

    error: ../../grub-core/loader/i386/efi/linux.c:215:(hd0,gpt2)/vmlinuz-4.18.0-193.el8.x86_64 has invalid signature.
    error: ../../grub-core/loader/i386/efi/linux.c:94:you need to load the kernel first.
    
    Press any key to continue...
    

Environment

  • Red Hat Enterprise Linux (RHEL) 7 and 8
  • kernel 4.18.0-193.14.3.el8_2.x86_64 and older (on RHEL8)
  • shim-x64-15-15.el8_2.x86_64 or shim-x64-15.4-3.el8_1 (on RHEL8)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content