installation with Shielded VMs enabled failed on restarting the master machines

4.13.0-0.nightly-2023-03-14-053612

Always

1. "create install-config", then insert "secureBoot: Enabled" settings for compute & control-plane machines
2. "create cluster" 

The installation failed, because master machines on restarting after fetching their ignition-configs.

The installation should succeed.

FYI serial log snippet of one master machine:

error:../../grub-core/loader/i386/efi/linux.c:385:(hd0,gpt3)/ostree/rhcos-8bb3298191b
10a91e3d87a8f67872865cb6d42a8ba72cbcfd865b42b77396813/vmlinuz-5.14.0-282.el9.x8
6_64 has invalid signature.
error: ../../grub-core/loader/i386/efi/linux.c:256:you need to load the kernel
first.
 
$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version             False       True          53m     Unable to apply 4.13.0-0.nightly-2023-03-14-053612: an unknown error has occurred: MultipleErrors
$ oc get nodes
No resources found
$ oc get machines -n openshift-machine-api
NAME                         PHASE   TYPE   REGION   ZONE   AGE
jiwei-0316b-p6pdh-master-0                                  53m
jiwei-0316b-p6pdh-master-1                                  53m
jiwei-0316b-p6pdh-master-2                                  53m
$ oc describe machines jiwei-0316b-p6pdh-master-0 -n openshift-machine-api
Name:         jiwei-0316b-p6pdh-master-0
Namespace:    openshift-machine-api
Labels:       machine.openshift.io/cluster-api-cluster=jiwei-0316b-p6pdh
              machine.openshift.io/cluster-api-machine-role=master
              machine.openshift.io/cluster-api-machine-type=master
Annotations:  <none>
API Version:  machine.openshift.io/v1beta1
Kind:         Machine
...output omitted...
Spec:
  Lifecycle Hooks:
  Metadata:
  Provider Spec:
    Value:
      API Version:     machine.openshift.io/v1beta1
      Can IP Forward:  false
      Credentials Secret:
        Name:               gcp-cloud-credentials
      Deletion Protection:  false
      Disks:
        Auto Delete:  true
        Boot:         true
        Image:        projects/rhcos-cloud/global/images/rhcos-413-86-202302150245-0-gcp-x86-64
        Labels:       <nil>
        Size Gb:      128
        Type:         pd-ssd
      Kind:           GCPMachineProviderSpec
      Machine Type:   n2-standard-4
      Metadata:
        Creation Timestamp:  <nil>
      Network Interfaces:
        Network:     jiwei-0316b-p6pdh-network
        Subnetwork:  jiwei-0316b-p6pdh-master-subnet
      Project ID:    openshift-qe
      Region:        us-central1
      Service Accounts:
        Email:  jiwei-0316b-p6pdh-m@openshift-qe.iam.gserviceaccount.com
        Scopes:
          https://www.googleapis.com/auth/cloud-platform
      Shielded Instance Config: 
        Secure Boot:  Enabled   
      Tags:
        jiwei-0316b-p6pdh-master
      Target Pools:
        jiwei-0316b-p6pdh-api   
      User Data Secret:
        Name:  master-user-data 
      Zone:    us-central1-a
Status:
Events:  <none>
$ gcloud compute instances list --format='table(name:sort=1,zone,status,machineType,shieldedInstanceConfig.enableSecureBoot,networkInterfaces[].networkIP,networkInterfaces[].accessConfigs[].natIP)' --filter='name~jiwei-0316b'
NAME                         ZONE           STATUS   MACHINE_TYPE   ENABLE_SECURE_BOOT  INTERNAL_IP  NAT_IP
jiwei-0316b-p6pdh-bootstrap  us-central1-a  RUNNING  n2-standard-4  False               10.0.0.6     [['104.198.138.233']]
jiwei-0316b-p6pdh-master-0   us-central1-a  RUNNING  n2-standard-4  True                10.0.0.3     [None]
jiwei-0316b-p6pdh-master-1   us-central1-b  RUNNING  n2-standard-4  True                10.0.0.4     [None]
jiwei-0316b-p6pdh-master-2   us-central1-c  RUNNING  n2-standard-4  True                10.0.0.5     [None]
$