It seems to be part of the shim-signed package. (Credit: @neikas) That package description says: "Its purpose is to allow a small, infrequently-changing binary to be signed by the UEFI CA, while allowing an OS distributor to revision their main bootloader independently of the CA." But why am I getting this, given that I am running Ubuntu -- not Microsoft?
See also related question: How to remove “Secure Boot chain-loading bootloader (Microsoft-signed binary) ”?
