Gerd Hoffmann wrote: > On Tue, Dec 20, 2022 at 04:31:20PM -0500, Simo Sorce wrote: > > And if you chose your HW carefully you may even be able to register > > your own public keys, generate and sign your own built UKIs and re- > > enable SecureBoot after that... your choice! > > And when your hardware doesn't allow that you can still add your own > keys with mokutil so shim.efi will accept your self-signed UKIs.
I'll see when I can take the time for a research project to figure out how customized UKIs can be produced, and develop a tool to do that. Probably never, because I have way too much to do already. Apparently there is no such tool and no plan to provide one, because surely that would have been mentioned under "User Experience". Björn Persson
pgpMf3pOAD4my.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
