Comment # 23 on bug 1209006 from 
I think that upstream as failing to understand that the transitivity of trust
goes both ways.

If MS verifies SUSE shim, and SUSE shim accepts enrollment of Joe Users' key
then MS transitively verifies enrollment of Joe Users' key. But if Joe User
trusts SUSE shim with his key, and MS to verify that SUSE shim Joe User also
transitively trusts that MS key.

You could enforce some baroque policies that only allow specific keys to be
used for verification of specific things but the kernel does not have
infrastructure for storing such key purpose information. Until such
infrastructure exists key trust is just binary.

You are receiving this mail because: