Comment 26 for bug 1708245

Mauricio Faria de Oliveira (mfo) wrote :

I set up a KVM guest with Secure Boot for testing this.

The gnu-efi patched to build shim 13 successfully was built in this PPA [1].
The original shim 13 (from the shim-staging PPA [2]) was built there too; it built
successfully using those changes.

Unfortunately, shim-signed fails to build (for key-related reasons, likely expected),
and the version built in the shim-staging PPA for Trusty has too new a version
for the grub2-common dependency (>= 2.02~beta2-36ubuntu12).
So I installed it with `dpkg -i --force-depends-version`.

In summary, the test used:
- shim-13 built with patched gnu-efi
- grub2 packages from trusty-proposed
- and shim-signed from shim-staging PPA.

It works. :-)

$ dpkg -s grub-efi-amd64-signed grub2-common shim shim-signed | grep -e ^Package: -e ^Version
Package: grub-efi-amd64-signed
Version: 1.34.17+2.02~beta2-9ubuntu1.15
Package: grub2-common
Version: 2.02~beta2-9ubuntu1.15
Package: shim
Version: 13-0ubuntu2
Package: shim-signed
Version: 1.33.1~14.04.1+13-0ubuntu2

$ sudo grub-install --uefi-secure-boot && sudo reboot
<...>

ubuntu@trusty-secboot:~$ dmesg | grep Secure
[ 0.000000] Secure boot enabled

ubuntu@trusty-secboot:~$ sudo fwts uefidump - | grep Secure
Name: SecureBoot.
  Value: 0x01 (Secure Boot Mode On).

[1] https://launchpad.net/~mfo/+archive/ubuntu/sf188840di
[2] https://launchpad.net/~canonical-foundations/+archive/ubuntu/shim/