Once that's done, it'll enter setup mode. Once in that mode, I believe there are even some open source tools that will help you enroll keys, etc.
I'll dig that up when I have more time. If I could manage to get that working the rest should fall into place quite easily and I won't need to mess around with shim/grub2. Thanks for that Josh, much appreciated!
OK, I've managed to sort out the above, but unfortunately, my issues now are with pesign itself.
I've submitted 4 bug reports with bugzilla yesterday, but even if I work around these I am still experiencing problems and can't get pesign to work properly. I am not sure whether this is the right place to post my pesign problems/woes or whether I should contact Peter Jones directly (is he on this ML?)?