On Wed, Sep 4, 2013 at 9:39 PM, Matthew Garrett
<matthew.garrett(a)nebula.com> wrote:
There's nothing stopping a signed bootloader from sticking new
keys in MOK. We assume that we can trust the signing body.
OK, that's fine. Maybe throw a comment to that effect in the code.
josh