On Fri, Mar 31, 2023 at 04:30:21PM +0200, Ahelenia Ziemiańska wrote: > This allows a cert in DB to be used to sign modules, > in addition to certs in the MoK and built-in keyrings. > > This key policy matches what's used for kexec. > > Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx> Before I nose dive, the commit log should explain why this patch never was sent upstream, if it was, why it was rejected. What makes it good now? Who is using it? What are other distributions doing about it? Luis