As a bystander that does not work for Microsoft, I would like to point out the following:

There are currently a couple of shim reviews pending that haven't moved along with the usual expediency.

At least on current hardware, dbx entries used to deny list revoked shims are a finite resource. Given the recent boothole event, and the amount of dbx space that deny listing all the shims capable of loading bad grub binaries consumed, there is a desperate need to limit the number of shims signed until we have an alternate revocation model in place within the shim.

Shim developers consider this an urgent issue.