I'm attempting to create a live-build USB with custom Secure Boot keys and failing.
I have a config/hooks/live/1000-sign-boot.hook.binary file that is signing all *.efi files (verified when booting the live system without secure boot enabled), and it is also signing live/vmlinuz-*-amd64. However, when I look for *vmlinuz* files in the live USB environment with secure boot disabled, I see multiple files that are not signed with my custom keys. I assume this is the problem. If so, how can I fix it? If not, what else am I missing? Thanks, -- Adam McManus
