Comment # 22 on bug 1136601 from Guillaume GARDET

(In reply to Raymund Will from comment #21)
> Sorry for joining so late, but this seems "insane" to me!
> Why should we need to change '*-bootloader' at all?

Two reasons:
1- Because currently in *-bootloader aarch64 is said to not support SecureBoot
2- aarch64 will not use shim as x86_64

> 
> From my PoV 'grub2-install' should learn to do "The Right Thing"(TM)
> on it's own, and not only for ARM64, but also for AMD64 (incl. 'shim',
> 'MokManager' and 'fallback').
> 
> A command-line option would only be needed to override this...
> 
> Until this is implemented, we could simply "always" copy the "signed"
> binary (as implemented by Michael), if one is present, could we?
> 
> Am I missing something?

I think it is better to have the choice to install a signed or not signed grub.