@Eternal_Light@mastodon.social @nixCraft@mastodon.social with the assumption that the firmware supports user-defined variables/keys

there are x86 models that enforce SB and TPM with only MS key and Vendor key

one can't even revoke a known exploited key.