Signed shim signature cannot be verified by UEFI BIOS #32

Open
sharathkurudi opened this issue Jul 12, 2017 · 0 comments


I used pesign for signing shim (https://github.com/rhboot/shim), but the new UEFI BIOS does not validate shim's signature. To verify whether I had signed properly, I signed a grubx64.efi image using the same process, and grubx64.efi's signature was successfully verified by the UEFI BIOS. I used the following method to sign shim and grub:

1. Generated keys (PK.crt (CA), db.key, db.crt, db.p12)

2. Create the certificate db and add the required certificates

    mkdir certdb
    certutil -N -d certdb
    certutil -A -n 'PK' -d certdb -t CT,CT,CT -i ../keys/PK.crt        # add PK.crt
    pk12util -d certdb -i db.p12                                         # add db.p12
    certutil -d certdb -A -i ../keys/db.crt -n "my Signature Database key" -t u   # add db certificate

3. Sign using pesign

    pesign -n certdb -c "my Signature Database key" -s -i grubx64.efi -o grubx64_pesign_signed.efi
    pesign -n certdb -c "my Signature Database key" -s -i shimx64.efi -o shimx64_pesign_signed.efi

To verify the signature I used the sbverify tool (I could not find any better tool):

sbverify --cert db.crt grubx64_pesign_signed.efi
Output: Signature verification OK

sbverify --cert db.crt shimx64_pesign_signed.efi
Output:
warning: data remaining[1124760 vs 1282576]: gaps between PE/COFF sections?
Signature verification OK

I think the warning might be the cause of the signature verification failure?

Could you please advise on how to resolve this?
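As an added illustration (not code from the issue, pesign or sbverify), the following Python script parses a PE/COFF section table and reports bytes below the certificate table that no header or section covers, which is the condition behind sbverify's "data remaining ... gaps between PE/COFF sections?" warning. The `build_pe` helper and the images it produces are constructed samples, not real shim or grub binaries.

```python
import struct

def section_gaps(image: bytes):
    """Return (data_end, signed_end, gaps): end of the last section's raw data,
    start of the certificate table (file size when unsigned), and byte ranges
    below signed_end covered neither by the headers nor by any section.
    A non-empty gap list is what sbverify reports as 'data remaining'."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", image, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", image, opt)
    size_of_headers, = struct.unpack_from("<I", image, opt + 60)
    # Data directory entry 4 (Certificate Table) sits at 128 (PE32) or 144 (PE32+)
    cert_off, cert_size = struct.unpack_from("<II", image, opt + (128 if magic == 0x10B else 144))
    signed_end = cert_off if cert_size else len(image)
    covered = [(0, size_of_headers)]
    for i in range(nsec):  # SizeOfRawData and PointerToRawData at +16 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", image, opt + opt_size + 40 * i + 16)
        if raw_size:
            covered.append((raw_ptr, raw_ptr + raw_size))
    gaps, cursor = [], 0
    for start, end in sorted(covered):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < signed_end:
        gaps.append((cursor, signed_end))
    return cursor, signed_end, gaps

def build_pe(sections, trailing=b""):
    """Build a minimal unsigned PE32+ image (constructed sample, not a real binary).
    sections: list of (name, bytes), each placed at a 512-byte aligned offset;
    'trailing' simulates data left after the last section by the linker."""
    hdr = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)    # PE32+ magic
    struct.pack_into("<I", opt, 60, 512)     # SizeOfHeaders
    hdr += opt
    body, off = bytearray(), 512
    for name, data in sections:
        raw = len(data) + (-len(data)) % 512
        hdr += struct.pack("<8sIIIIIIHHI", name, len(data), off, raw, off, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw, b"\0")
        off += raw
    return bytes(hdr.ljust(512, b"\0") + body + trailing)
```

Running `section_gaps` over a real signed image shows whether the bytes between the last section and the certificate table match what sbverify printed as "data remaining".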
