Hi
Hello, I already imported the sb keys from the uefi and signed my grub image. However the problem is that apart from the uefi verification of the grub image itself, no other verification is done by grub. This would mean that I can actually boot on unsigned kernels from grub (with sb enabled!). But I can sign correctly both the kernel and grub as of now. Then I think you would have to compile a shim for your system and boot this one first instead of grub. However if this shim is not signed by Microsoft I can't say for sure if a Linux/Windows Dual Boot system will boot properly into Windows. I think you should also compile your public cert of the key into the shim, just to make sure. Regards Mathias
