I set up a KVM guest with Secure Boot for testing this. The patched gnu-efi to build shim 13 successfully was built on this PPA [1]. The original shim 13 (from shim-staging PPA [2]) too; it built successfully using those changes.
Unfortunately shim-signed fails to build (for key-related reasons, likely expected), and the version built in the shim-staging PPA for Trusty has too new a version for the grub2-common dependency (>= 2.02~beta2-36ubuntu12). So I installed it with `dpkg -i --force-depends-version`.

Summary, the test used:
- shim-13 built with patched gnu-efi
- grub2 packages from trusty-proposed
- and shim-signed from shim-staging PPA.

It works. :-)

$ dpkg -s grub-efi-amd64-signed grub2-common shim shim-signed | grep -e ^Package: -e ^Version
Package: grub-efi-amd64-signed
Version: 1.34.17+2.02~beta2-9ubuntu1.15
Package: grub2-common
Version: 2.02~beta2-9ubuntu1.15
Package: shim
Version: 13-0ubuntu2
Package: shim-signed
Version: 1.33.1~14.04.1+13-0ubuntu2

$ sudo grub-install --uefi-secure-boot && sudo reboot
<...>

ubuntu@trusty-secboot:~$ dmesg | grep Secure
[ 0.000000] Secure boot enabled

ubuntu@trusty-secboot:~$ sudo fwts uefidump - | grep Secure
Name: SecureBoot. Value: 0x01 (Secure Boot Mode On).

[1] https://launchpad.net/~mfo/+archive/ubuntu/sf188840di
[2] https://launchpad.net/~canonical-foundations/+archive/ubuntu/shim/

--
https://bugs.launchpad.net/bugs/1708245

Title:
  shim can't enable validation and enroll keys in one sitting