[sounds]

I think you're intentionally obscuring the difference between:

(1) A system locked by Microsoft, who benevolently allows some users to achieve freedom by setting up new Platform Keys.

If the big dollar clients demand standardization and openness, then it might curtail the typical Microsoft antitrust shenanigans.

(2) A system that is owned by the purchaser, who may choose to deploy Microsoft or other security solutions, and then remove them, at will.

We already have (2), so any attempt to subvert it is by definition untrustworthy.

Item (1) is what is called "trustworthy computing," and Microsoft still openly celebrates it [1].

Item (2) is what is being obscured.

[1] https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...

[p_l]

I think you are intentionally obscuring the difference between "no standard solution for cryptographic check of what you're booting" and "solution that provides that which one of the vendors pushed to make switchable in ways that keep it open for others as well, even if only because it makes business sense for them as well"

Trustworthy computing, even in Microsoft way, involves owner deciding what's running and being able to verify that. Funnily enough Microsoft's "solution" here involves removing Microsoft keys and owner signing specific binaries they allow to run.

We don't have yours (2) because of various gaps you could drive an American freight train through. The options that exists are all even more closed down than SecureBoot (which is just one leg of Trustworthy Computing).

N.B. the main subversive component in all of this, and tellingly implemented because stakeholders of "trustworthy computing" actually care about owner control, is protected media path, foisted by MPAA and streaming industry through closed blobs in Intel ME and AMD PSP