This isn't really any different to how kernel module signing is handled though - is there any real benefit to adding the extra step of signing mmx64.efi (and fbx64.efi) with the vendor key, other than not having to keep shimx64.efi, mmx64.efi and fbx64.efi in sync if you're testing a local build?
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880197 Title: mokmanager is signed using ephemeral key, instead of Vendor Key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1880197/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
