> On Jul 7, 2021, at 10:28 AM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote: > > On Wed, Jul 07, 2021 at 10:23:04AM -0600, Eric Snowberg wrote: >> >>> On Jul 7, 2021, at 12:46 AM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote: >>> >>> On Tue, Jul 06, 2021 at 10:43:51PM -0400, Eric Snowberg wrote: >>>> This is a follow up to the "Add additional MOK vars" [1] series I >>>> previously sent. This series incorporates the feedback given >>>> both publicly on the mailing list and privately from Mimi. This >>>> series just focuses on getting end-user keys into the kernel trust >>>> boundary. >>> >>> WTF is MOK? >> >> MOK stands for Machine Owner Key. The MOK facility can be used to >> import keys that you use to sign your own development kernel build, >> so that it is able to boot with UEFI Secure Boot enabled. Many Linux >> distributions have implemented UEFI Secure Boot using these keys >> as well as the ones Secure Boot provides. It allows the end-user >> a choice, instead of locking them into only being able to use keys >> their hardware manufacture provided, or forcing them to enroll keys >> through their BIOS. > > Please spell this out in your cover letters and commit logs. I will add it in the future, thanks.
