grub-efi: add support for build without shim

In `meta-signing-key/classes/user-key-store.bbclass` file, there is already
an implementation of sb_sign() function with support for both scerarions:
- bootloader is verified by shim_cert.crt
- shim is not used, and DB.crt is used to verify bootloader directly

but when building with MOK_SB ?= "0", grub is being build as `grub(ia32/x64).efi`
and with shim_lock support enabled.

Disabling shim_lock for running secure boot without shim fixes the issue:

  error: ../../grub-core/kern/efi/sb.c:180:shim_lock protocol not found.

during boot.

Disabling renaming of grub efi into `grubx64.efi` leaves it, as it is in
EFI_BOOT_IMAGE variable, set in `yocto/openembedded-core/meta/conf/image-uefi.conf`,
as this will be our first efi boot file.

Signed-off-by: Piotr Łobacz <[email protected]>

Author: Dvergatal

meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc

@@ -48,14 +48,14 @@ GRUB_SECURE_BUILDIN:append:class-target = " \
   ${GRUB_SELOADER_MODULES} \
   ${GRUB_TPM_MODULES} \
   --sbat ${WORKDIR}/sbat.csv \
-  ${@'--disable-shim-lock' if d.getVar('UEFI_SELOADER') == '1' else ''} \
+  ${@'--disable-shim-lock' if d.getVar('UEFI_SELOADER') == '1' or d.getVar('MOK_SB') != "1" else ''} \
   "
 
 # Set a default root specifier.
 inherit user-key-store
 
 python __anonymous () {
-    if d.getVar('UEFI_SB') != "1":
+    if d.getVar('UEFI_SB') != "1" or d.getVar('MOK_SB') != "1":
         return
 
     # Override the default filename if efi-secure-boot enabled.