Revert "offline_signing: sign UEFI binaries for Secure Boot"

This reverts commit 40b60875d0.

offline_signing/sign.sh

@@ -5,27 +5,14 @@ DATA_DIR="$(readlink -f "$1")"
 KEYS_DIR="$(readlink -f "$(dirname "$0")")"
 
 gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_image.vmlinuz.sig"
 gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
 bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
 unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
 
 export PATH="${DATA_DIR}:${PATH}"
+
 cd "${DATA_DIR}"
-
-# Sign UEFI binaries for Secure Boot.
-for bin in vmlinuz grub shim
-do
-        [ -e "coreos_production_image.$bin" ] || continue
-        gpg2 --verify "coreos_production_image.$bin.sig"
-        mv "coreos_production_image.$bin" "$bin.unsigned"
-        pesign --in="$bin.unsigned" \
-               --out="coreos_production_image.$bin" \
-               --certdir="${KEYS_DIR}" \
-               --certificate='CoreOS Secure Boot Certificate' \
-               --sign
-done
-
-# Sign the delta, with the Secure Boot signed kernel.
 ./core_sign_update \
     --image "${DATA_DIR}/coreos_production_update.bin" \
     --kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \