On Wed, Feb 27, 2013 at 09:35:24AM +0000, ownssh wrote: > I think, redhat should have their own root key to sign binary files. > Bootloader of install media can be sign by MS certificates, but only use to > add > the redhat root key to UEFI database before install.
There's no way to update the UEFI key database without the update being signed by an already trusted key, so what you're proposing isn't possible. -- Matthew Garrett | mj...@srcf.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
