Comment 73 for bug 1091464

Hello,

GRUB binary doesn't have the cryptos to do the signs verification unlike shim, so the chainload process fails under Secure Boot.

As Valmar said, for the OpenSUSE version of GRUB2, Michael Chang came out with a patch on 2012 that make GRUB rely on shim verification to chainload other binaries: https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch