At the time we ignored this issue because the proposed fixes to Grub2 were causing boot issues on several systems and it seemed a better idea to wait until these issues were resolved before trying to update the Grub2 files used by the our Menderized systems.
As far as we can tell it seems that those issues have now been resolved and we could attempt to update to a newer Grub2.
Since Mender uses its own builds of Grub2 for use with mender-convert, my question is: Is the version used by mender-convert up to date with these fixes, and if it is, can I download the newer Grub2 files that mender-convert uses for x64 somewhere so that we can create an update script to replace the old Grub2 boot files for the newer ones?
So to be clear we want to upgrade the Grub2 boot files (executables?) with the ones that fix the secure boot issues, on our Menderized systems without having to go through the entire mender-convert process (as that would mean having to recreate an entire bare Linux install, which would be more work than we are willing to commit to)
We have usually updated when Yocto updates. However, I think they only update to stable versions, and the Grub folks still have not released anything past 2.04, which is almost a year and a half old by now.
For now, I created MEN-4198 so we can update to a reasonable SHA at least. Thanks for the heads up on this.