by aiscoming 32 days ago
This is how Microsoft wins the war against general computing.

You must not join it; refuse to lock down your computer.


Secure boot and TPM are good technologies. You can roll your own keys and Microsoft won't have anything on it.

Do people still think you need to have your boot program signed by Microsoft in order to use it?

I also wonder if this sentiment is what stalled development in other more traditional projects like BSD derivatives. I'd love to have FreeBSD with secure boot and loading ZFS keys from the TPM.

Microsoft's certification states that OEMs must allow the user to configure secure boot to trust other bootloaders.

https://learn.microsoft.com/en-us/windows/security/operating...

However, OEMs like HP are ignoring the certification requirements:

https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-...

https://h30434.www3.hp.com/t5/Notebook-Boot-and-Lockup/How-t...

Interesting. I had a 705 G4 (or 74 g5? Idk, the one with the Ryzen 2400Ge) and the firmware supported putting the machine's secure boot system in setup mode.
In some cases OEMs ignore the requirement the other way round, e.g. the MSI boards that perform zero signature checking with secure boot on.