In #1138983 we have a report of a system which won't boot a
dual-signed shim. While waiting on the result of more testing there to
confirm if it's dual-signing that's the problem, thinking out loud...
We now have code in the shim-signed preinst to detect whether a
particular shim is likely to be supported on a given system. Could we
re-use/extend the logic here?
* As well as the multi-signed shim, include all the
individually-signed shims too in the package. Maybe in a separate
"fallback" subdirectory?
* If a system is on a known-bad list for multi-signing, check to see
if it will work with one of the fallback shims instead of the
main multi-signed.
* If we think that should work, install that shim instead with some
packaging logic. (The Red Hat folks are also doing something like
this with extra tooling.)
* If not, fail loudly.
That's the extent of my thoughts about this so far; I'm not proposing
to actually do any work on this unless we get a reasonably large
number of systems reported that might make this worthwhile.