Bug#991478: [shim-signed] RFE: do not brick users' systems in the stable distribution
Starting from 1.34~1+deb10u1 and its corresponding "***WARNING***", now the
arm64 shim "is no longer signed".
As a result, after a mundane package upgrade and a reboot, all of my remote
arm64 machines do not boot anymore. I was not aware that the cloud provider
actually uses this "secure boot", else I'd pay more attention to that
In any case, relying on the user reading upgrade notes, and then to scramble
rolling back the upgrade and holding the affected package ASAP, else the
system is bricked, is not a responsible package policy.
I would humbly suggest that you kept the latest signed version frozen at least
in "buster" with no further updates, until the signing issue is resolved. Or
as of now, release another update with the signed version in place.
P.S. just noticed 1.36~1+deb10u2 tried to do something about the boot breakage
- evidently that did not help.