(In reply to Joey Lee from comment #21)
> For reference, kernel upstream's plan of .platform and .machine keyrings is
> here:
>
> keyrings, key usage, and trust models
> https://lore.kernel.org/all/20220928055900.GT4909@linux-l9pv.suse/t/#m3ce7e451f1855d9c432965bb896cb7ce0f89e009

So there are only questions, no answers. It has been pointed out that the scheme proposed by upstream is inconsistent and broken, and there has been no reply. Upstream is not willing to concern itself with distribution kernel needs, and if we want to use MOK we need to patch the kernel downstream so that using MOK is possible.