I have been nominated seven straight years for hacker news reader with the least knowledge of security, so I’m embarrassed to ask: what keys would one want to sign and why?
It’s not your keys, it’s the Operating System keys uploaded to your device.
Essentially the same way UEFI secure boot works in the PC world.
You’re telling the device hardware “it’s only ok to run software that’s been signed with the private key that matches this public key”, so that once you’ve done that, you can have confidence that the operating system hasn’t been modified in future by anyone other than the original vendor (as only they have the private key).
The keys that verify that new boot software is allowed, the ones that verify it's coming from _you_ and not some other asshole trying to take over your phone after you rooted it.
