On Wed, Sep 4, 2013 at 9:39 PM, Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
> There's nothing stopping a signed bootloader from sticking new keys in MOK.
> We assume that we can trust the signing body.

OK, that's fine. Maybe throw a comment to that effect in the code.

josh
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel