Comment 12 for bug 1658255

... why aren't all the kernels just signed? Why does this need to be a separate package at all?

I can confirm installing the -signed package fixes it for me. Where in the kernel source does this signature effect the output of /proc/sys/kernel/secure_boot, though? I can't find that...