On Montag, 3. August 2015, Ben Hutchings wrote:
> Only the FTP team will be able to get shim signed by the Microsoft CA.
> Only the FTP team will be able to sign GRUB and the kernel using the
> private key for which the public part is embedded in shim.
> Users can add further trusted keys at boot time through the BIOS setup
> program or shim; then they can use their own signed kernels.

Thanks for clarifying.

About your original question, I dont have a good answer right now. I think it 
would be a good topic to discuss at DebConf...! Thanks for bringing this up to 
us already!


Attachment: signature.asc
Description: This is a digitally signed message part.

Reproducible-builds mailing list

Reply via email to