diff --git a/efi/image_rules.go b/efi/image_rules.go
index 84909eed..343f5b15 100644
--- a/efi/image_rules.go
+++ b/efi/image_rules.go
@@ -165,23 +165,6 @@ func (p imageSignedByOrganization) Matches(image peImageHandle) (bool, error) {
 return false, nil
 }
 
-// imageSignedByCommonName is a predicate that is satisfied if an
-// image is signed by a subject with the specified common name.
-type imageSignedByCommonName string
-
-func (p imageSignedByCommonName) Matches(image peImageHandle) (bool, error) {
- sigs, err := image.SecureBootSignatures()
- if err != nil {
- return false, err
- }
- for _, sig := range sigs {
- if sig.GetSigner().Subject.CommonName == string(p) {
- return true, nil
- }
- }
- return false, nil
-}
-
 type imageDigestPredicate struct {
 alg crypto.Hash
 digest []byte
diff --git a/efi/image_rules_defs.go b/efi/image_rules_defs.go
index 1e897efc..5b3e12fb 100644
--- a/efi/image_rules_defs.go
+++ b/efi/image_rules_defs.go
@@ -168,17 +168,6 @@ func makeMicrosoftUEFICASecureBootNamespaceRules() *secureBootNamespaceRules {
 ),
 newGrubLoadHandlerConstructor(grubChainloaderUsesShimProtocol).New,
 ),
- withImageRuleOnlyForTesting(
- "Ubuntu grub, signed with snakeoil or other test key",
- imageMatchesAll(
- imageSectionExists(".mods"),
- imageMatchesAny(
- imageSignedByOrganization("Snake Oil"),
- imageSignedByCommonName("new vendor certificate"),
- ),
- ),
- newGrubLoadHandlerConstructor(grubChainloaderUsesShimProtocol).New,
- ),
 withImageRule(
 "grub",
 imageMatchesAny(