Comment 7 for bug 2009078

Configured a new VM under virt-manager, using the option 'Customize configuration before install' and selecting 'OVMF_CODE_4M.ms.fd' as the firmware. Booted Ubuntu 22.04.2 install media. Verified firmware settings were as expected with 'mokutil --db' and 'mokutil --sb-state'. Verified that SBAT had been applied by confirming /sys/firmware/efi/efivars/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23 was present.

Enabled focal-proposed in sources and ran 'apt install secureboot-db=1.6~20.04.1'. Confirmed with 'mokutil --dbx' that the Canonical 2012 signing key was present.

Shut down the VM, reconfigured to boot 20.04.5. 20.04.5 booted to grub without a security error. So the test case is incomplete, working on revising.