@nixCraft Meanwhile, in the real world, Debian has a strongly worded article about how UEFI and Secure Boot actually are for security reasons and that, on a Linux-only system, you can wipe the default keys and install keys from that Linux distro.
UEFI is close to 20 years old at this point, and Secure Boot is part of the spec. If Microsoft was going to do something nefarious, they'd have done it by now. Instead, they require OEMs to have unlockable firmware.
@Eternal_Light@mastodon.social @nixCraft@mastodon.social With the assumption that the firmware supports user-defined variables/keys.
There are x86 models that enforce SB and TPM with only the MS key and the vendor key.
One can't even revoke a known exploited key.