Comment by plagiarist

If I am signing my own kernel, that's awesome.

If Poettering is signing my kernel and reporting my UUID to websites along with proof I am viewing all ads, that is dreadful.

Unfortunately it will be the latter. Motherboards already have signed binary firmware blobs, some people cannot remove the Microsoft keys and still have functioning UEFI secure boot.