I believe I have run into similar problems in the past. Note, in many cases, the UEFI firmware will not verify the GRUB binary itself, but will verify the SHIM against certificates in the UEFI databases. On a standard system, Ubuntu doesn't have their own cert in the UEFI key databases. The SHIM will verify the UBUNTU-signed GRUB image against certificates embedded in the SHIM itself.
Anyway, after seeing your post and doing some more searching I came across this: https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/log/ It appears that James Bottomley has some really recent code for sbsign up on kernel.org. I'm about to give it a shot myself and hope it fixes the problem. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1551629 Title: sbsign generates invalid grub signatures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1551629/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
