Comment 12 for bug 1401532

> there can be various reasons for unsigned binaries to be loaded
> despite Secure Boot being marked as enabled in the firmware.

@cyphermox: I'd be curious to know what these "various reasons" are. Obviously one is: Secure Boot enforcement was disabled via MokManager in Shim. But what other reasons are there? If you have a minute could you please mentione them? tia!