Posted Oct 5, 2012 13:59 UTC (Fri) by mjg59 (subscriber, #23239)
In reply to: updates by oak
Parent article: LSS: Secure Boot
It's possible to push out an update that wipes the existing blacklist and instead revokes the key at the root of that trust. That would be inconvenient (everyone with valid signed material would need to get it resigned) but possible.