On Wed, Sep 30, 2020 at 10:46 AM Stephen John Smoogen <smooge@gmail.com> wrote:
>
> The Fedora secure boot signing keys were updated after F32 was initially released to deal with the grub2 problems found during the summer. I believe some systems have needed firmware updates from the manufacturer to work with the new key because they worked by white listing the old set, and don't know how to handle when a new key signed and authorized is presented. I don't know how the Surface Pro does its firmware updates and if one is needed.

Fedora 31, 32, and 33 have:

shim-x64-15-8.x86_64 koji date 2018-10-02

The signing keys haven't yet been updated in Fedora, they'd need to happen here.

And then these are current
grub2-efi-x64-2.04-31.fc33.x86_64
grub2-efi-x64-2.04-23.fc32.x86_64
grub2-efi-x64-2.02-110.fc31.x86_64

I wonder if the affected hardware is adversely affected by all three of these versions of GRUB?