Comment 20 for bug 1921539

@mario, I turn secure boot on, and boot into OS, then run the fwupdmgr install command, then reboot, then I saw the failure.

One more thing, for new shim + groovy grub, I found the same failure happens if I use groovy/grub
1.155+2.04-1ubuntu35 as boot into OS (so I can't boot into OS with this grub), however if I use groovy/grub 1.167+2.04-1ubuntu44 from the update channel, then I can boot into OS.

Feel free to ask questions if anyone wants to reproduce and doesn't know certain steps in detail, or you want to know my steps in more detail as reviewing.

A full running session is here:

root@u-Latitude-5300:~# sh run.sh ; exit
+ dpkg -l
+ grep shim
ii shim 15.4-0ubuntu1 amd64 boot loader to chain-load signed boot loaders under Secure Boot
ii shim-signed 1.46+15.4-0ubuntu1 amd64 Secure Boot chain-loading bootloader (Microsoft-signed binary)
+ + grep fwupd
echo please run reboot 1.4.7-0~20.10.1 amd64 Firmware update daemon
ii fwupd-signed 1.30.1+1.4.7-0~20.10.1 amd64 Linux Firmware Updater EFI signed binary
ii libfwupd2:amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon library
ii libfwupdplugin1:amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon plugin library
+ fwupdmgr install 9da74134678173a97e2d3eb4a79f0beba0e43e85155777e040396bad6b70d0b4-firmware.cab --allow-reinstall
Decompressing… [***************************************]
Authenticating… [***************************************]
Installing on System Firmware… / ]
Scheduling… [***************************************]
Successfully installed firmware

An update requires a reboot to complete. Restart now? [y|N]: n
+ md5sum /usr/libexec/fwupd/efi/fwupdx64.efi.signed /boot/efi/EFI/ubuntu/fwupdx64.efi
e3a387f8f87852e670d105145cb96168 /usr/libexec/fwupd/efi/fwupdx64.efi.signed
e3a387f8f87852e670d105145cb96168 /boot/efi/EFI/ubuntu/fwupdx64.efi
+ mokutil --sb
SecureBoot enabled
+ echo please run reboot
please run reboot