Default image of the signed EFI GRUB2 (secureboot) doesn't have "GRUB_ENABLE_CRYPTODISK" feature

Fully encrypted LVM (+ encrypted boot partition) with the signed linux images.

When I install grub-efi-amd64 with the "GRUB_ENABLE_CRYPTODISK=y" (please note that suggested "GRUB_ENABLE_CRYPTODISK=1" doesn't work because of the bug inside /usr/share/grub/grub-mkconfig_lib) it successfully generates /boot/grub/x86_64-efi/core.efi file, copies it into /boot/efi/EFI/ubuntu/grubx64.efi and boots fine. /boot/efi/EFI/ubuntu/grub.cfg looks like:

cryptomount -u 756189f1463542039f2c03fd3cbb12f6
search.fs_uuid 22167461-e1e7-4188-80bf-8044c57977b0 root lvmid/qXy4Mj-jfjK-f0r2-ei33-fZrm-y4x5-SciAJP/giWh12-csOK-s766-lnFO-Zxh4-6LY5-pk50UM
set prefix=($root)'/grub'
configfile $prefix/grub.cfg

But when I enable SecureBoot and install grub-efi-amd64-signed - it doesn't generate custom /boot/grub/x86_64-efi/core.efi (because it is signed) and just copies /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed to the /boot/efi/EFI/ubuntu/grubx64.efi. But unfortunately this precompiled signed grub efi image doesn't support encrypted volumes (I assume because of the "GRUB_ENABLE_CRYPTODISK=1" bug in original grub-efi-amd64 package mentioned above).

Also affected new Ubuntu Xenial (I tried grub efi image from xenial package and it doesn't work as expected). I really appreciate you'll fix that before Xenial release.