Comment 23 for bug 1921539

$ wget http://archive.ubuntu.com/ubuntu/dists/groovy-proposed/main/uefi/fwupd-amd64/1.4.7-0~20.10.1/fwupdx64.efi.signed

$ md5sum fwupdx64.efi.signed
e3a387f8f87852e670d105145cb96168 fwupdx64.efi.signed

$ objdump -h ./fwupdx64.efi.signed

./fwupdx64.efi.signed: file format pei-x86-64

Sections:
Idx Name Size VMA LMA File off Algn
  0 .text 000075c0 0000000000004000 0000000000004000 00000400 2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .reloc 0000000a 000000000000c000 000000000000c000 00007a00 2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .data 00002d68 000000000000d000 000000000000d000 00007c00 2**5
                  CONTENTS, ALLOC, LOAD, DATA
  3 .dynamic 00000150 0000000000010000 0000000000010000 0000aa00 2**3
                  CONTENTS, ALLOC, LOAD, DATA
  4 .rela 00000e70 0000000000011000 0000000000011000 0000ac00 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .rela.plt 00000018 0000000000011e70 0000000000011e70 0000bc70 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .dynsym 00000270 0000000000012000 0000000000012000 0000c000 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA

The binary clearly does not have .sbat section, thus it will not be trusted or booted by new shim in hirsute.

fwupd in hirsute does have .sbat section.

This SRU claims to add .sbat for the first time in groovy, but actually does not. So it is ok to release this SRU in groovy, but we need a follow up SRU to add sbat section for real.