> > Other question: Do we want allow to specify which certs/keys are > > enrolled? Which would probably mean to drop "enrolled-keys" from > > features and make it an optional string instead, > > Not an enum? "Microsoft" below should be an enum constant, shouldn't it? I don't think so. If we want allow other certificate providers (not sure it makes sense as all physical hardware actually runs with the microsoft certificates), then we don't want a fixed list here. So any CA can be listed, be it microsoft, redhat, canonical, verisign or kraxel.org ;) cheers, Gerd -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
