Well, part of the reason for using syslinux over grub is our imaging system still needs to support PXE booting legacy BIOS systems, and syslinux is what we've used historically for that.
The other part is that back when I last tried using grub as a PXE bootloader, I wasn't able to get it working, although I haven't tried in a while. But we do have everything working with syslinux now, minus the signing.
As far as whether we want it signed with a with Microsoft Key or Canonical Key, I'm not totally clear on the details there, but I think we want it signed with whatever key is currently used to sign the shim and the kernels.
I was under the impression that the Canonical Key was signed by the same CA that the Microsoft Key is, and that's why you can still install Ubuntu on systems with secure boot enabled that originally shipped with Windows.
Well, part of the reason for using syslinux over grub is our imaging system still needs to support PXE booting legacy BIOS systems, and syslinux is what we've used historically for that.
The other part is that back when I last tried using grub as a PXE bootloader, I wasn't able to get it working, although I haven't tried in a while. But we do have everything working with syslinux now, minus the signing.
As far as whether we want it signed with a with Microsoft Key or Canonical Key, I'm not totally clear on the details there, but I think we want it signed with whatever key is currently used to sign the shim and the kernels.
I was under the impression that the Canonical Key was signed by the same CA that the Microsoft Key is, and that's why you can still install Ubuntu on systems with secure boot enabled that originally shipped with Windows.