On Jul 7, 2021, at 10:28 AM, Christoph Hellwig [off-list ref] wrote:

On Wed, Jul 07, 2021 at 10:23:04AM -0600, Eric Snowberg wrote:

quoted

quoted

On Jul 7, 2021, at 12:46 AM, Christoph Hellwig [off-list ref] wrote:

On Tue, Jul 06, 2021 at 10:43:51PM -0400, Eric Snowberg wrote:

quoted

This is a follow up to the "Add additional MOK vars" [1] series I 
previously sent.  This series incorporates the feedback given 
both publicly on the mailing list and privately from Mimi. This 
series just focuses on getting end-user keys into the kernel trust 
boundary.

WTF is MOK?

MOK stands for Machine Owner Key.   The MOK facility can be used to 
import keys that you use to sign your own development kernel build, 
so that it is able to boot with UEFI Secure Boot enabled. Many Linux 
distributions have implemented UEFI Secure Boot using these keys 
as well as the ones Secure Boot provides.  It allows the end-user 
a choice, instead of locking them into only being able to use keys 
their hardware manufacture provided, or forcing them to enroll keys 
through their BIOS.

Please spell this out in your cover letters and commit logs.

I will add it in the future, thanks.