Sorry, just forget my about previous comment! I believe it's actually my mistake. 😁 Turns out I have made a change in the script that I wrote perform the whole installing procedure, believing that it was an oversight and changing it was a good idea.
I'll explain it here so that other people making the same mistake can learn from it:
I changed it copy everything from /usr/share/shim-signed/ to my /boot/efi/EFI/<bootloader-name>/ location, instead of online specific files.
And that was not supposed to be done, according to the wiki 🧐:
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Set_up_shim
"Note: Make sure you do not copy fbx64.efi (which is under the same directory) unless you actually have a valid bootx64.csv to use. Otherwise shim will not execute grubx64.efi but will appear to fail to work and just reset the machine."
Whoops. Moral of the story: Always read the wiki, also do it again when changing things later. :)
Pinned Comments
nl6720 commented on 2021-05-28 11:19 (UTC)
shim 15.4 requires SBAT. It will not launch EFI binaries without a
.sbat
section.nl6720 commented on 2016-12-07 13:17 (UTC) (edited on 2023-12-15 09:27 (UTC) by nl6720)
shimx64.efi
is signed with Microsoft key, they also have a hardcoded Ubuntu key inside. MokManager (mmx64.efi
) is signed with Ubuntu's key.shimx64.efi
can launch any EFI binary signed with Microsoft keys.More information is available on the wiki: Secure Boot#shim.
fbx64.efi
scan the ESP for CSV files with bootloader information and adds boot entries to the NVRAM. Read README.fallback.