It would be really great if Framework could publish the DB certificates used for secure boot on the Framework laptop.
A user who chooses to enroll their own Platform Key (PK) will lose system trust for anything that they, or a certificate they have signed, have signed.
Publishing the Key Exchange Key (KEK) and Allowed Signature Database (DB) certificates shipped with Framework laptops would allow such a user to re-enable that trust by cross-signing those certificates with their new platform key.
NOTE: This is not a request that you release the private keys! Just the public certificates, which already ship by default on every laptop and could be extracted.
Microsoft does this for their DB as well, for the express purpose of enabling an OEM or PK holder to trust the Windows bootloader and allow Microsoft to perform their own key exchanges.
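The post notes that the public certificates already ship on every laptop and could be extracted. As an added example (not part of the original post, and not Framework's or Microsoft's code), this parser walks the UEFI `EFI_SIGNATURE_LIST` format in which the KEK and DB variables are stored and returns the DER certificates inside. The helper `build_list`, the `OWNER` GUID and `SAMPLE_DB` are constructed for illustration and contain placeholder bytes, not real certificates.

```python
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size

def parse_signature_lists(blob, efivarfs=False):
    """Return [(type_guid, owner_guid, data), ...] from concatenated EFI_SIGNATURE_LISTs."""
    if efivarfs:
        blob = blob[4:]  # files under efivarfs start with a 4-byte attribute word
    entries, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, header_size, sig_size = LIST_HEADER.unpack_from(blob, offset)
        body_start = offset + LIST_HEADER.size + header_size
        end = offset + list_size
        if list_size < LIST_HEADER.size + header_size or end > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16 or (end - body_start) % sig_size:
            raise ValueError("bad SignatureSize")
        # Each entry is EFI_SIGNATURE_DATA: 16-byte owner GUID, then the payload.
        for pos in range(body_start, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((uuid.UUID(bytes_le=raw_type), owner, blob[pos + 16:pos + sig_size]))
        offset = end
    return entries

def x509_certificates(blob, efivarfs=False):
    """DER certificates only; hash entries (e.g. SHA-256) are skipped."""
    return [data for t, _, data in parse_signature_lists(blob, efivarfs) if t == EFI_CERT_X509_GUID]

def build_list(type_guid, owner, items):
    """Build one EFI_SIGNATURE_LIST (used here only to make constructed sample input)."""
    sig_size = 16 + len(items[0])
    body = b"".join(owner.bytes_le + item for item in items)
    return LIST_HEADER.pack(type_guid.bytes_le, LIST_HEADER.size + len(body), 0, sig_size) + body

# Constructed sample: placeholder bytes, not real certificates or hashes.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DB = (b"\x27\x00\x00\x00"  # attribute word as efivarfs would prepend it
             + build_list(EFI_CERT_X509_GUID, OWNER, [b"0\x82FAKE-DER-CERT-A"])
             + build_list(EFI_CERT_SHA256_GUID, OWNER, [b"\x00" * 32, b"\x01" * 32]))

if __name__ == "__main__":
    for cert in x509_certificates(SAMPLE_DB, efivarfs=True):
        print(len(cert), "byte certificate")
```

On Linux the same functions can be pointed at the bytes of `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f` with `efivarfs=True`; each returned blob is a DER-encoded X.509 certificate.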