Comment 7 for bug 2040137

Christian Ehrhardt (paelzer) wrote:

Hi,
I also just got note of this and am catching up on this and bug 2040139.

> @mkukri has a solution to replace the EFI shell with python-uefivars to enroll keys. I don't know the specifics. I believe this would require python-uefivars in main for all affected releases, which would require MIR coordination.

No, AFAICS it would only be a build time dependency, right? Replacing the use of the internal shell in edk2-vars-generator.py. Would we want this to be high quality - yes, would we want it to be in main - I guess, but just strictly looking at the rules it does not have to be in main as a pure build time dependency.

Or - as DannF said, even if we would drop the shell in the secure-boot image, we could just use the non-secure-boot image to do the enrollment. In that case also the change is smaller (which is more appealing when changing released Ubuntu versions). In that case python-uefivars would not even be needed as a build time dependency.