[DethNinja]

I guess lesson learned here is:

Always self-sign the secure boot keys, do not use any third-party keys.

Unfortunately, this complicates the kernel & boot loader upgrade process as one shouldn’t keep private keys in the same machine.

[Arnavion]

The leaked key in question has nothing to do with Secure Boot keys. The leaked key in question affects you even if you have your own Secure Boot keys.