Again, how is this any different than just letting the user enroll a key? Or using one signed by a supported key, or using one with a shimloader already ready to go?
I mean, I guess as a convenience mechanism, but then again, why not just disable it and be done with it. Maybe a chance that would make more sense to me would be to have an option:
* Extract SecureBoot keys from bootloader/kernel whatever
and be able to specify your own kernel or what not.
But then again, that's basically what you get via your own key enrollment ;)
I mean, I guess as a convenience mechanism, but then again, why not just disable it and be done with it. Maybe a chance that would make more sense to me would be to have an option:
* Extract SecureBoot keys from bootloader/kernel whatever
and be able to specify your own kernel or what not.
But then again, that's basically what you get via your own key enrollment ;)