https://bugzilla.suse.com/show_bug.cgi?id=1209006
https://bugzilla.suse.com/show_bug.cgi?id=1209006#c20

--- Comment #20 from Martin Wilck <martin.wilck@suse.com> ---
(In reply to Michal Suchanek from comment #19)
> Or just verify everything with the platform keyring. It's trusted for kernel
> verification, anyway. Why that distinction?

I agree. As noted above, I fail to understand what additional security upstream's MokListTrustedRT buys us. Repeating my previous question, why would anyone put keys into MoK which they don't trust? And while it's somewhat understandable that some people might not want to trust Microsoft's keys in the db (because of general contempt for Microsoft or whatnot), doing so doesn't provide any extra security, either. After all, the firmware has already been verified by just these keys.