On Wed, Jul 07, 2021 at 10:23:04AM -0600, Eric Snowberg wrote: > > > On Jul 7, 2021, at 12:46 AM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote: > > > > On Tue, Jul 06, 2021 at 10:43:51PM -0400, Eric Snowberg wrote: > >> This is a follow up to the "Add additional MOK vars" [1] series I > >> previously sent. This series incorporates the feedback given > >> both publicly on the mailing list and privately from Mimi. This > >> series just focuses on getting end-user keys into the kernel trust > >> boundary. > > > > WTF is MOK? > > MOK stands for Machine Owner Key. The MOK facility can be used to > import keys that you use to sign your own development kernel build, > so that it is able to boot with UEFI Secure Boot enabled. Many Linux > distributions have implemented UEFI Secure Boot using these keys > as well as the ones Secure Boot provides. It allows the end-user > a choice, instead of locking them into only being able to use keys > their hardware manufacture provided, or forcing them to enroll keys > through their BIOS. Please spell this out in your cover letters and commit logs.
