What? The vast majority of Linux systems running in a secure boot world run vendor-signed kernels.

> Technically, this was the intent of efivarfs

As the original author of efivarfs I can absolutely say that this was not the intent