Comment 11 for bug 2045552

Ok. You've convinced me this is the minimal reasonable change :)

I've still got a couple of questions about the process of testing:

It's not entirely clear to me what the scope of possible failures is here:
* failure to boot is a pleasantly obvious failure mode, but is this influenced by user configuration, or does it booting *anywhere* mean it will boot *everywhere*?
* My understanding of the TPM stack is limited, but my understanding is that if it boots *at all* then it must have booted an expected image - is this correct, or should we also be testing that the update correctly *fails* to boot unexpected images?

And to clarify:
> Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot

From package contents I assume you'd be checking against the checksum of /usr/lib/nullboot/shim/shimx64.efi.signed, but what checksum algorithm?