> On Aug 12, 2021, at 12:58 PM, Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote: > > On Wed, Aug 11, 2021 at 10:18:42PM -0400, Eric Snowberg wrote: >> Many UEFI Linux distributions boot using shim. The UEFI shim provides >> what is called Machine Owner Keys (MOK). Shim uses both the UEFI Secure >> Boot DB and MOK keys to validate the next step in the boot chain. The >> MOK facility can be used to import user generated keys. These keys can >> be used to sign an end-users development kernel build. When Linux >> boots, both UEFI Secure Boot DB and MOK keys get loaded in the Linux >> .platform keyring. >> >> Add a new Linux keyring called .mok. This keyring shall contain just > > I would consider ".machine" instead. It holds MOK keys but is not a > MOK key. I’m open to renaming it to anything that you and the other maintainers feel would be appropriate. I just want to make sure there is an agreement on the new name before I make the change. Thanks.
