Package: shim-signed Version: 1.36+15.4-5 Severity: wishlist Currently, if dkms is installed, shim-signed prompts to disable kernel/module verification on next boot on some trigger events - to ensure the system will successfully boot (something, not necessarily untampered with) after a kernel upgrade.
According to Vorlon, in Ubuntu: "that's since been superseded by code to instead generate and enroll a MOK key and sign all dkms modules with it." This sounds like a very useful feature that would be worth bringing into Debian.
