X-Git-Url: https://code.delx.au/refind/blobdiff_plain/b2410fb7695fb349a65a2749e9524f250a4f6420..1e45a07f1a4521411ccd61dffe00e7ceebd38824:/keys/README.txt

diff --git a/keys/README.txt b/keys/README.txt
index bcf1bf3..9d69b0c 100644
--- a/keys/README.txt
+++ b/keys/README.txt
@@ -1,9 +1,9 @@
-This directory contains known public keys for Linux distributions and other
-parties that sign boot loaders and kernels that should be verifiable by
-shim. I'm providing these keys as a convenience to enable easy installation
-of keys should you replace your distribution's version of shim with another
-one and therefore require adding its public key as a machine owner key
-(MOK).
+This directory contains known public keys for Linux distributions and from
+other parties that sign boot loaders and kernels that should be verifiable
+by shim. I'm providing these keys as a convenience to enable easy
+installation of keys should you replace your distribution's version of shim
+with another one and therefore require adding its public key as a machine
+owner key (MOK).
 
 Files come with three extensions. A filename ending in .crt is a
 certificate file that can be used by sbverify to verify the authenticity of
@@ -17,13 +17,41 @@ utility expects its input public keys in this form, so these are the files
 you would use to add a key to the MOK list maintained by MokManager and
 used by shim.
 
-The files in this directory are:
+The files in this directory are, in alphabetical order:
 
-- canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu
-  boot loaders and kernels.
+- altlinux.cer -- The public key for ALT Linux (http://www.altlinux.com).
 
-- fedora-ca.cer -- Fedora's public key, used to sign Fedora 18's version of
-  shim and Fedora 18's kernels.
+- canonical-uefi-ca.crt & canonical-uefi-ca.der -- Canonical's public key,
+  matched to the one used to sign Ubuntu boot loaders and kernels.
+
+- fedora-ca.cer & fedora-ca.crt -- Fedora's public key, matched to the one
+  used used to sign Fedora 18's version of shim and Fedora 18's kernels.
+
+- microsoft-kekca-public.der -- Microsoft's key exchange key (KEK), which
+  is present on most UEFI systems with Secure Boot. The purpose of
+  Microsoft's KEK is to enable Microsoft tools to update Secure Boot
+  variables. There is no reason to add it to your MOK list.
+
+- microsoft-pca-public.der -- A Microsoft public key, matched to the one
+  used to sign Microsoft's own boot loader. You might include this key in
+  your MOK list if you replace the keys that came with your computer with
+  your own key but still want to boot Windows. There's no reason to add it
+  to your MOK list if your computer came this key pre-installed and you did
+  not replace the default keys.
+
+- microsoft-uefica-public.der -- A Microsoft public key, matched to the one
+  Microsoft uses to sign third-party applications and drivers. If you
+  remove your default keys, adding this one to your MOK list will enable
+  you to launch third-party boot loaders and other tools signed by
+  Microsoft. There's no reason to add it to your MOK list if your computer
+  came this key pre-installed and you did not replace the default keys.
+
+- openSUSE-UEFI-CA-Certificate.cer & openSUSE-UEFI-CA-Certificate.crt --
+  Public keys matched to the ones used to sign OpenSUSE 12.3.
 
 - refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
-  used to sign refind_x64.efi and the 64-bit rEFInd drivers.
+  matched to the one used to sign refind_x64.efi and the 64-bit rEFInd
+  drivers.
+
+- SLES-UEFI-CA-Certificate.cer & SLES-UEFI-CA-Certificate.crt -- The
+  Public key for SUSE Linux Enterprise Server.