[fsflover]

I'm surprised that the author doesn't mention Pureboot [0] or even Heads [1], the most user-friendly [2] way to use TPM on Linux and authenticate the boot process along with /root, /boot directories.

Also, there is no Microsoft involved in my laptop, i.e., the author's statement

> Microsoft's certificates are basically built into all of today's PCs

is wrong. I enjoy the coreboot with Heads on my Librem 14 with my own keys.

[0] https://docs.puri.sm/PureBoot.html

[1] https://github.com/osresearch/heads

[2] https://puri.sm/posts/pureboot-101-first-boot-first-update-a...

[ongy]

He's generally (I suspect p>99, probably a 9 more by volume) correct with his statement.

[fsflover]

You are right, however the existence of alternatives is extremely important and should always be mentioned.

[ahartmetz]

If you're Lennart, the existence of alternatives is a nuisance, so no need to give them free publicity.

[ongy]

I wanted to avoid making this a "it's Lennart" point.

Even then, IME he's building software for 99% of users, which this covers. It can be quite annoying when he makes life hard for the remaining 1% (or fraction thereof), but I'm not as antagonistic to him as others.

Also, he kinda mentions it in the "Anything Else?" section. Not the firmware that doesn't ship with the MS keys at all, but the ability to insert your own keys and distrust the MS ones.

[jest3r1337]

Haha, I didn't realize the article was from our beloved friend.

[fsflover]

Good point. He's trying to widen the extent of systemd (and Microsoft?) yet again.

[fsflover]

Why is this downvoted?