-<p>If you're using Ubuntu 12.10, you can't use its version of shim, but you can replace it with Garrett's shim. The problem is that Ubuntu's GRUB and kernel will then be signed by an unknown key. Unfortunately, I haven't found a suitable public key file on Ubuntu's distribution medium, so you may need to sign GRUB and/or your kernels with your own MOK. In principle, you should be able to use shim 0.2 or later from future distributions that include it; but you must be sure that whatever you use supports MokManager.</p>
+<p>If you're using Ubuntu 12.10, you can't use its version of shim, but you can replace it with Garrett's shim. If you do so, though, you'll have to add Ubuntu's public key as a MOK, at least if you intend to launch Ubuntu's version of GRUB or launch Ubuntu-provided signed kernels. Ubuntu's public key is available in the <a href="http://archive.ubuntu.com/ubuntu/pool/main/s/shim/shim_0~20120906.bcd0a4e8-0ubuntu4.debian.tar.gz">shim_0~20120906.bcd0a4e8-0ubuntu4.debian.tar.gz</a> tarball, as <tt>canonical-uefi-ca.der</tt>. (The filename extensions <tt>.cer</tt> and <tt>.der</tt> are interchangeable for most purposes.) To use it, copy <tt>canonical-uefi-ca.der</tt> to your ESP and enroll it with MokManager. See <a href="http://falstaff.agner.ch/2012/12/12/secure-boot-implementation-of-ubuntu-12-10-quantal-quetzal/">this blog post</a> for further details on Ubuntu 12.10's handling of Secure Boot. In principle, you should be able to use shim 0.2 or later from future distributions that include it; but you must be sure that whatever you use supports MokManager.</p>