Comment # 3 on bug 1083723 from 
(In reply to Jiri Slaby from comment #2)
> (In reply to Michael Schr�der from comment #1)
> > It's possible, of course, but we aren't allowed to do this. Please talk with
> > the security team.
> 
> NEEDINFO-ed now.
> 
> > Why do you even need that? Can't you just add that Kernel: key to your list
> > of allowed UEFI keys on your test machine?
> 
> It's mainly convenience. It might be rather easy for *me* to upload the key
> to the FW (BTW could somebody write down how -- I have no idea?). But it's

If you are talking about mok. Then:

step 1. enroll certificate to mok
  # enroll certificate with root password
  # mokutil --root-pw --import public-256.der

step 2. reboot, follow the mok manager's interactive UI to enroll key.

step 3. boot to system
  # show the enrolled certificate in mok
  # mokutil --list-enrolled

You are receiving this mail because: