Comment 30 for bug 1773457

If your goal is secure boot, then you need signature verification. Encryption is not required for that. Encryption is for data privacy, and as I said before, nothing you consider private should be in /boot.