Comment 1 for bug 1600224

The shim-signed package is the package that delivers the Microsoft-signed shim to the user's system. I certainly agree that we can be more proactive about detecting the case where your system will be rendered unbootable. However, it seems to me that the obvious workaround for this bug is to not install the shim-signed package on a system which doesn't need it (or to remove this package when configuring your self-signed Secure Boot keys).