ok, can i at least assume that shim is not required? that was my main issue. i wanted a single unencrypted file (grub + initramfs by another name:), and, my chain of trust.
that is the key for me, if there is a requirement to only use shim and the microsoft keys, i'm in trouble. if its simply that canonical doesn't test w/o shim, that's ok. But it seems empirically that shim is now a hard requirement since the valid signed kernel no longer validates w/ this patch of grub. i guess also to the original bug from the original author here, perhaps removing the no-longer-supported option from grub doc would be good? the set check_signatures=no -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890672 Title: secure boot fails after upgrade to grub2-common 2.04-1ubuntu26.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1890672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
