docs: Correct chainloader UEFI secure boot info

Correct documentation for UEFI secure boot to remove statement that
chainloader does not work with secure boot. This was fixed by the commit
6d05264 (kern/efi/sb: Add chainloaded image as shim's verifiable object).

Fixes: https://savannah.gnu.org/bugs/?62004

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

docs/grub.texi

@@ -8678,13 +8678,13 @@ secure boot chain.
 @node UEFI secure boot and shim
 @section UEFI secure boot and shim support
 
-The GRUB, except the @command{chainloader} command, works with the UEFI secure
+The GRUB works with UEFI secure boot and the shim. This functionality is
-boot and the shim. This functionality is provided by the shim_lock verifier. It
+provided by the shim_lock verifier. It is built into the @file{core.img} and is
-is built into the @file{core.img} and is registered if the UEFI secure boot is
+registered if the UEFI secure boot is enabled. The @samp{shim_lock} variable is
-enabled. The @samp{shim_lock} variable is set to @samp{y} when shim_lock verifier
+set to @samp{y} when shim_lock verifier is registered. If it is desired to use
-is registered. If it is desired to use UEFI secure boot without shim, one can
+UEFI secure boot without shim, one can disable shim_lock by disabling shim
-disable shim_lock by disabling shim verification with MokSbState UEFI variable
+verification with MokSbState UEFI variable or by building grub image with
-or by building grub image with @samp{--disable-shim-lock} option.
+@samp{--disable-shim-lock} option.
 
 All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables,
 Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands