RHEL10 guest boot failed under secure mode

Versions:
Host:
kernel-6.9.0-7.el10.x86_64
qemu-kvm-9.0.0-2.el10
edk2-ovmf-20240214-1.el10
Guest:
kernel-6.10.0-0.rc2.10.el10.x86_64

How reproducible:

5/5

Steps to reproduce

1. install a rhel10 guest with RHEL-10.0-20240617.64-x86_64-dvd1.iso and secure boot disabled.

2. check the information about the signature in guest

# pesign --show-signature -i /boot/vmlinuz-6.10.0-0.rc2.10.el10.x86_64 
---------------------------------------------
certificate address is 0x7fa0e709b208
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Secure Boot Signing 501
The signer's email address is secalert@redhat.com
Signing time: Tue Jun 11, 2024
There were certs or crls included.
---------------------------------------------

3. shutdown the guest and reboot with secure boot enabled.

Expected results

RHEL10 guest boot up successfully

Actual results

RHEL10 guest can't boot up, Verification Failed.

edk2 log: rhel10_secure_boot.log

screenshot: