From 6f1e65308e29b4b7b275dd799429a80c15337d8f Mon Sep 17 00:00:00 2001
From: Tim Crawford <tcrawford@system76.com>
Date: Tue, 12 Dec 2023 09:46:39 -0700
Subject: [PATCH] docs: Update note about Secure Boot support

Secure Boot support is enabled. Make it clear in the doc that it was
enabled so Windows could be installed, and not as a means for securing
the system.

Signed-off-by: Tim Crawford <tcrawford@system76.com>
---
 docs/uefi.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/uefi.md b/docs/uefi.md
index 5c265eb..5d9fdd7 100644
--- a/docs/uefi.md
+++ b/docs/uefi.md
@@ -14,12 +14,15 @@ Network functionality is disabled. Native PXE booting is not supported.
 
 ### Secure Boot
 
-Secure Boot support is currently disabled.
+Secure Boot support is enabled since system76/firmware-open@105e74b14613
+(2023-04-03).
 
-The implementation from 9elements is in development. If building a custom
-image, the edk2 config `SECURE_BOOT_ENABLE` can be set to enable support.
+A minimal firmware UI is available to delete all keys and enroll the default
+keys. It is intended that most management is done from the OS.
 
-There is currently no firmware UI to view or configure Secure Boot.
+Note that the Secure Boot support present is only intended for allowing
+Microsoft Windows installation checks to pass. It should not be relied on for
+system security due to limitations of the implementation.
 
 ## Shell