[Foxboron]

>And if Microsoft stops signing your bootloaders it is an automatic death sentence for your distribution, as you can no longer boot the LiveCD without "scary prompts" and/or fiddling with the BIOS setup.

Not really?

Several popular Linux distributions simply do not support Secure Boot. Arch Linux is one of them.

[tremon]

That's because current generation of hardware does not mandate secure boot on x86. I expect that will change once Windows 11 has had a few years to turn the majority of the computers secure-boot capable due to its hardware demands.

[Foxboron]

That would be against the current UEFI spec. I get that people are cynical and expect this to happen but I don't think it will.

There are however going to be a lot more issues self-enrolling keys going forward.

[bscphil]

Just for clarification, I believe you mean that it's not something supported out of the box, in the form of a signed kernel / bootloader. It is something Arch Linux users could choose to set up themselves; there's a whole wiki article on it.