Package: shim-signed Severity: grave Starting from 1.34~1+deb10u1 and its corresponding "***WARNING***", now the arm64 shim "is no longer signed".
As a result, after a mundane package upgrade and a reboot, all of my remote arm64 machines do not boot anymore. I was not aware that the cloud provider actually uses this "secure boot", else I'd pay more attention to that "WARNING". In any case, relying on the user reading upgrade notes, and then to scramble rolling back the upgrade and holding the affected package ASAP, else the system is bricked, is not a responsible package policy. I would humbly suggest that you kept the latest signed version frozen at least in "buster" with no further updates, until the signing issue is resolved. Or as of now, release another update with the signed version in place. P.S. just noticed 1.36~1+deb10u2 tried to do something about the boot breakage - evidently that did not help. -- With respect, Roman
