Comment 9 for bug 1814575

Verification-done for bionic using grub2/2.02-2ubuntu8.12, grub2-signed/1.93.13:

I have checked that running upgrade in the presence of an unsigned kernel leads to a failing upgrade, and if no unsigned/incorrectly signed kernel is present the upgrade will work fine. Similarly, running /usr/share/grub/grub-check-signatures behaves as expected, warning if the presence of an unsigned kernel is found. System appears to behave correctly despite "db is empty" error when running mokutil --db separately.