I'm very well aware of that. Here is another post from mjg59's blog that you might find enlightening:
http://mjg59.dreamwidth.org/18945.html
Especially the sections "Providing user control over trust" and "Providing user control over signature verification". A highlight for you:
Anything signed with the user's key will then be trusted.
edit: Here is another link detailing the shim bootloader mechanism:
http://mjg59.dreamwidth.org/20303.html
I'm very well aware of that. Here is another post from mjg59's blog that you might find enlightening:
http://mjg59.dreamwidth.org/18945.html
Especially the sections "Providing user control over trust" and "Providing user control over signature verification". A highlight for you:
Anything signed with the user's key will then be trusted.
edit: Here is another link detailing the shim bootloader mechanism:
http://mjg59.dreamwidth.org/20303.html