#1137226 shim-signed: Allow installation override when signature is missing or revoked

Package:
shim-signed
Source:
shim-signed
Description:
Secure Boot chain-loading bootloader (Microsoft-signed binary)
Submitter:
Marc Riedel
Date:
2026-05-21 11:59:01 UTC
Severity:
normal
#1137226#5
Date:
2026-05-21 08:50:23 UTC
From:
To:
With the latest changes, the installation of this package fails for now. I
drive
several self signed systems with all default certificates removed. So please
add the possibility to continue the installation - e.g. a button "Acknowledged
and continue, I know what I'm doing!".

#1137226#10
Date:
2026-05-21 10:31:26 UTC
From:
To:
I pondered doing this when I added the extra checks here.

I have to ask - why are you even installing shim-signed on systems
with SB enabled but where you've removed the default Microsoft
certificates?

#1137226#15
Date:
2026-05-21 11:56:05 UTC
From:
To:
Several years ago, when I tried to use the self signed grubx64.efi
(grub-efi-amd64-unsigned) it refused to chainload the self signed kernel.
So I went with grubx64.efi.signed (grub-efi-amd64-signed), but it depends
on shim-signed (shim_lock).

Am Do., 21. Mai 2026 um 12:32 Uhr schrieb Steve McIntyre <steve@einval.com>: