And just for completeness of info in my last post, use of refind boot manager could be a usefull thing for people manually installing/configuring the boot process in the uefi setup. However I dont think by default it allows the secure boot chain to be passed down to the kernel, unless one uses/installs ones own PK (I think called custom boot mode at uefi firmware level) and suitable signing OR hash configuration in case of Linux foundations signed loader.
And just for completeness of info in my last post, use of refind boot manager could be a usefull thing for people manually installing/ configuring the boot process in the uefi setup. However I dont think by default it allows the secure boot chain to be passed down to the kernel, unless one uses/installs ones own PK (I think called custom boot mode at uefi firmware level) and suitable signing OR hash configuration in case of Linux foundations signed loader.