diff -Nru shim-signed-1.34.8/debian/changelog shim-signed-1.34.9/debian/changelog
--- shim-signed-1.34.8/debian/changelog 2018-04-24 16:31:25.000000000 +0000
+++ shim-signed-1.34.9/debian/changelog 2018-04-24 17:24:24.000000000 +0000
@@ -1,3 +1,10 @@
+shim-signed (1.34.9) bionic; urgency=medium
+
+ * debian/shim-signed.postinst: check for MOK existence rather than ignoring
+ failures in the trigger. (LP: #1766627)
+
+ -- Mathieu Trudel-Lapierre Tue, 24 Apr 2018 13:24:24 -0400
+
 shim-signed (1.34.8) bionic; urgency=medium
 * debian/shim-signed.postinst: shim-signed's trigger to enroll a new MOK
diff -Nru shim-signed-1.34.8/debian/shim-signed.postinst shim-signed-1.34.9/debian/shim-signed.postinst
--- shim-signed-1.34.8/debian/shim-signed.postinst 2018-04-24 16:22:39.000000000 +0000
+++ shim-signed-1.34.9/debian/shim-signed.postinst 2018-04-24 17:20:34.000000000 +0000
@@ -48,7 +48,9 @@
 case $1 in
 triggered)
- SHIM_NOTRIGGER=y update-secureboot-policy --enroll-key || :
+ if [ -e /var/lib/shim-signed/mok/MOK.priv ]; then
+ SHIM_NOTRIGGER=y update-secureboot-policy --enroll-key
+ fi
 ;;
 configure)
 bootloader_id="$(config_item GRUB_DISTRIBUTOR | tr A-Z a-z | \
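Review bot: The guard added in the `triggered)` branch only tests that `/var/lib/shim-signed/mok/MOK.priv` exists (`-e`), so an empty or non-regular file at that path still reaches `update-secureboot-policy --enroll-key`, and with `|| :` removed its exit status is no longer masked. If the script runs under `set -e` (not visible in this hunk), such a failure would abort trigger processing and leave the package in a failed state. Consider `if [ -f /var/lib/shim-signed/mok/MOK.priv ] && [ -s /var/lib/shim-signed/mok/MOK.priv ]; then`. A short comment above it, such as `# enroll only when a MOK has been generated; genuine enrollment errors must surface`, would help keep the dropped `|| :` from being reintroduced. The `case` statement begins and continues outside the hunk.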