There was this issue where grub wouldn't secure boot and display "prohibited by secure boot policy" because unicode.pf2 was not signed. To get around this some people used grub-mkstandalone (instead of grub-install) and signed unicode.pf2. I am using Arch and recently the arch grub package maintainer recently created an updated grub package, 2:2.12.r226.g56ccc5ed-1, mentioning that a lot of grub defects were fixed.
To use unicode.pf2 with secure boot do I still have to build the grub bootloader with grub-mkstandalone or can I use grub-install with the --pubkey cmd line option? Thank you in advance. Markos
