Y
Hacker News
new
|
ask
|
show
|
jobs
by
ZeroWidthJoiner
2 days ago
The root of trust in Secure Boot is typically an OEM certificate, not Microsoft's, which is probably even worse:
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-u...
In any case, you're free to remove Microsoft's certificates and enroll your own.