Installers

Our (Fedora, etc) plan right now is to make special remediation boot media, so you can boot it with an older bootloader and it'll run fwupd to update the enrolled certificates. Obviously even that can only be so successful.

We're also going to try some experiments with making that a secondary boot entry on the primary media, with the hopes that at least some firmwares will correctly attempt it after the newer boot target, but it's yet to be seen how effective that will be. We'll also do our best to make sure EDK2 supports that correctly, and try to get Red Hat's hardware partners to make sure they have that support.