Comment 3 for bug 1993646

Files being preserved or not in OEM mode is ubiquity, not shim; reassigning.

However, I'm not sure we WANT mok keys to be kept in OEM mode. Part of the intent of OEM mode is that the resulting disk image could then be copied between multiple systems. You would certainly not want all customer systems to have access to a single private key that can be used to sign kernel modules for all other customer systems. If anything, I think the bug here is probably that OEM lets you enroll a MOK key at all rather than blocking this (and saving an additional reboot).