Ubuntu 21.10 can load on my computer through secure boot, and the shim version is 15.4. Then refer to the official tutorial, I installed rEFInd v0.13.2 (the latest version when I posted this blog) via PPA in Ubuntu 21.10. However, when I restart the system and load rEFInd, it always fails with the message Verification failed:(0x1A)Security Violation. I'm sure that both refind_local.cer and refind.cer under the EFI/refind/keys/ have been enrolled through MokManager (Although only refind_local.cer is needed through PPA installation).
From this post, I got that rEFInd currently (v0.13.2) lacks the .sbat section. For shim 15.3 and later versions, SBAT is mandatory, resulting in failure to start rEFInd.
The post also indicates that the author of rEFInd is currently studying how to solve the related problems. I hope the later versions can fix this issue.
To conclude, you need to use shim 15 to solve this problem. For this purpose, you can perform the following steps (applicable to amd64. Steps are also similar if you are on other architectures):
mmx64.efi file. (data.tar.xz-> . -> usr/lib/shim/mmx64.efi)shimx64.efi.dualsigned file. (data.tar.xz-> . -> usr/lib/shim/shimx64.efi.dualsigned) Rename it to shimx64.efi.unzip refind-bin-0.13.2.zip
cd refind-bin-0.13.2
sudo ./refind-install --shim ../shimx64.efi
If you encounter any confirmation during the installation process, just enter y to confirm.
Verification failed, refer to step 9 of the official tutorial. Select Enroll key from disk, and then select the ESP disk where you installed rEFInd. Finally, choose the file of path EFI/refind/keys/refind.cer to import.EFI/refind/keys as above. Failure to do so may cause your Linux distribution to be unable to boot via rEFInd.