I'm reporting a similar problem; maybe it is related. The solution to your problem addressed this problem. (downgraded shim)
Hardware: Really old, Dell PowerEdge R710, has TPM, TPM is disabled in BIOS, mokutil reports secure boot is not supported. (Not a problem, just a detail that may help with diagnoses of cause), OS installed on RAID-1 LD (PERC 6/i, RAID dedicated Write-Cache, RAID-1 system volumes, RAID-5 secondary, BBU OK, 100% charge, 75% of capacity when new), this has all of the latest Firmware/BIOS updates from Dell, in Dell published ISO from November 2018.
This machine has been on CentOS 7.x through many upgrades and started with a UEFI install. Around December 3, 2018, upgraded from 7.5.1804 to 7.6.1810.
The yum upgrade/update reported no problems. I issued "sync". I rebooted it.
On reboot, an error message on boot/grub:
Code: Select all
Failed to set MokListRT: Invalid Parameter
Something has gone seriously wrong: import_mok_state() failed
: Invalid Parameter
Error appeared on each reboot.
Used DRAC (like IPMI with a console or ILO) remote media, boot from ISO, recovery, chroot to installed system:
7.6.1810 (after upgrade + failed boot) had: shim-x64-15-1.el7.centos.x86_64 and mokutil-15-1.el7.centos.x86_64
7.5.1804 (before upgrade) had: shim-x64-12-2.el7.x86_64 mokutil-12-2.el7.x86_64
Completed download of 7.5.1804 versions of those two.
Issued an "rpm --force -U" for both.
Rebooted, and boot works with these two older packages. (I am not sure which, addressed the problem.)
I have several other servers upgraded to 7.6.1810. No other servers exhibited this problem. Others also have TPM, which are disabled in BIOS, but different models.
I hope this helps with your trouble report to diagnose the cause.