Generating revocations.efi documentation

[514amir]

There is no explicit documentation I can find on how to generate revocations.efi which gets looked for by shim 15.8 at least during a PXE boot. It throws a warning and I'd prefer to not have the warning. I've seen the documentation on updating the revocation list but I am not sure how it applies to revocations.efi

[jsetje]

I have some docs on this coming, although the PXE warning is a pretty special case. If we go looking for the file during PXE and it's not there, which is likely the common case, there will be a warning, since there is not readdir support there.

[christoph-at-unicon]

I'd like to chime in - users here are quite disturbed about the error message shim shows when booting via PXE.
Can you at least provide an (logically) empty revocations.efi? From reading the source, it has to be a signed EFI file, and if the sections that hold the data are missing, that's not really a problem.
So there's a workaround: Copy an already signed efi program (I abused fbx64.efi) to revocations.efi. But that's not something I really want to do.