Missing grub-common dependency on sbsigntool

The grub-common package, starting (so far as I can tell) with bionic-updates, introduced a script named /usr/share/grub/grub-check-signatures.

This script is run, for example, during the post-installation for the grub-efi-amd64 (or maybe, grub-efi-amd64-signed) package in order to verify the signature of an installed kernel. Unfortunately, grub-check-signatures utilizes a tool called "sbattach", which is available in the "sbsigntool" package. If "sbsigntool" is not installed, then this script fails, resulting in "grub-efi-amd64" failing to believe that signed kernels are signed correctly. This then leads to further problems if UEFI secure boot in enabled in the user's BIOS. (In my experience, the kernel will still load, but "apt" reports errors with kernel package installations, believing them to be unsigned.)

In short, it appears that there is a missing dependency on "sbsigntool" from within the "grub-common" package (or one of its dependencies).

I discovered this problem on Linux Mint 19. Please also refer to this forum thread for further details of the bug symptoms:

https://forums.linuxmint.com/viewtopic.php?f=46&t=277863&p=1528140#p1528140

Relevant other information:

Linux Mint 19, Tara

# apt-cache policy grub-common
grub-common:
  Installed: 2.02-2ubuntu8.4
  Candidate: 2.02-2ubuntu8.4
  Version table:
 *** 2.02-2ubuntu8.4 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.02-2ubuntu8 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

If you need any further information, please let me know...