Comment 32 for bug 1845289

It has nothing to do with whether the file handle is closed or not; this is just confusing code because of how it's built.

Shim is supposed to be installed by the installer when you set up the system in UEFI mode; this is done for you by the installer, and isn't a dependency of grub because grub does not require shim to work; but things *will* work better with shim installed. So, I strongly recommend anyone running into such issues make sure it is installed on their system, as it is supposed to be.

Now, after tracing more of the code, it looks like the issue is that grub_load_and_start_image() is insufficient to complete the boot process in handle_image()... You get the image loaded, but StartImage is never called, which would explain why you're seeing things go back to the menu.

Now, I don't think it's worth digging more into this code path, since if SB is disabled then shim_verify should be letting images work, unvalidated but accepted; so it would otherwise not get run. I'll go ahead and drop the extra check for SB state in linuxefi_secure_validate().