andreyv / sbupdate

Generate and sign kernel images for UEFI Secure Boot on Arch Linux
GNU General Public License v3.0

Add option to rename installed kernel image to "grubx64.efi" #35

Closed ghost closed 3 years ago

ghost commented 3 years ago

Some people use Shim as a bootloader to boot other bootloaders signed by their own MOK key. Since Shim is hardcoded to boot "grubx64.efi", a new configuration argument "AS_GRUBX64EFI" determines which kernel, if any, gets a copy by the name of "grubx64.efi" in the ESP. To prevent an unbootable system, "grubx64.efi" doesn't get removed when the script is invoked to remove a kernel; instead, we wait until a new kernel is installed to replace "grubx64.efi" if required.

ghost commented 3 years ago

After further experimentation, it seems like this feature will not work as intended, since Shim expects a "participating bootloader", for example, systemd-boot or rEFInd. Because of this, Shim will refuse to boot a unified kernel image unless used together with a participating bootloader acting as a middleman. Request closed.