Hi, all iPXE 2.0.0 has released a version signed by iPXE's shim, which is then get signed by Microsoft's Secure Boot CA. Despite of it it seems to be difficult to have such a signed bootloader shipped in Debian.
If the situation changes, I'll post updates here. Cheers, Miao Wang
