> So, I want to sign tails with my own keys since I have enrolled my own secure boot keys. I signed /live/vmlinuz and /EFI/BOOT/BOOTX64.EFI and ../GRUBX64.EFI. Upon starting tails, it tells me that something has gone wrong with shim-lock. I know that tails uses shim to work with microsoft-keyed secureboot environments out-of-the-box, but I would prefer just signing tails and not fiddling around with shim.
>
> Can I skip shim so that GRUB/syslinux directly boots? (-> maybe as a second EFI entry?).
I don't know. I haven't spent much time on it, but, while this looks like interesting research, I
think this usecase is really outside of our personas:
https://tails.net/contribute/personas/
happy hacking!
--
boyska