There's nothing stopping a signed bootloader from sticking new keys in MOK. We assume that we can trust the signing body. _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
