Using shim does not require using Microsoft keys. You can use shim, signed with your own key and empty db, and distrusted Canonical CA as I have pointed out above, or like configure shim to disable validation altogether.
I repeat _Microsoft keys are not required_. What is required is for shim APIs to be available to grub. This way grub can assert that it is enforcing whatever policies you want to be enforced, including skipping signature validations via shim, even when booted under secureboot when configured using `mokutil --disable-validation`. We must check that shim API is present to ensure that shim set policies are enforced and honored (which for your deployment will mean, to ensure that shim validation is _not trusted_).

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890672

Title: secure boot fails after upgrade to grub2-common 2.04-1ubuntu26.2
