diff --git a/debian/canonical-uefi-ca.der b/debian/canonical-uefi-ca.der
deleted file mode 100644
index b4098d9..0000000
Binary files a/debian/canonical-uefi-ca.der and /dev/null differ
diff --git a/debian/rules b/debian/rules
index 83c667a..22e0a06 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,18 +2,8 @@
 
 include /usr/share/dpkg/architecture.mk
 
-# Other vendors, add your certs here.  No sense in using
-# dpkg-vendor --derives-from, because only Canonical-generated binaries will
-# be signed with this key; so if you are building your own shim binary you
-# should be building the other binaries also.
-ifeq ($(shell dpkg-vendor --is ubuntu && echo yes),yes)
-	cert=debian/canonical-uefi-ca.der
-	distributor=ubuntu
-COMMON_OPTIONS ?= ENABLE_SHIM_CERT=1 ENABLE_SBSIGN=1
-else
-	cert=debian/proxmox-uefi-ca.der
-	distributor=proxmox
-endif
+cert=debian/proxmox-uefi-ca.der
+distributor=proxmox
 
 deb_version             := $(shell dpkg-parsechangelog | sed -ne "s/^Version: \(.*\)/\1/p")
 upstream_version        := $(shell echo $(deb_version) | sed -e "s/-[^-]*$$//")
diff --git a/debian/ubuntu-dbx.hashes b/debian/ubuntu-dbx.hashes
deleted file mode 100644
index e1ac359..0000000
--- a/debian/ubuntu-dbx.hashes
+++ /dev/null
@@ -1,22 +0,0 @@
-# debian-dbx.hashes
-#
-# This file contains the sha256 sums of the binaries that we want to
-# blacklist directly in our signed shim. Add entries below, with comments
-# to explain each entry (where possible).
-#
-# The data in this file needs should be of the form:
-#
-# <hex-encoded sha256 checksums> <arch>
-#
-# All other lines will be ignored. I'm using shell-style comments just
-# for clarity.
-#
-# The hashes are generated using:
-#
-#     pesign --hash --padding --in <binary>
-#
-# on *either* the signed or unsigned binary, pesign doesn't care
-# which. See the helper script block_signed_deb for an easy way to
-# generate this information.
-
-# ... This file intentionally left blank for now ...