This is why EFI #SecureBoot is evil:
It depends on #Microsoft to sign the EFI signature.
Secure boot is really scary from a software freedom standpoint
@Alonealastalovedalongthe I like the idea in theory. The practice and execution leave a lot to be desired though
@matt or you put your own key in the chain of trust and sign kernels/boot loaders that way?
I disagree. Actually, in order to get a "Windows Ready" certification for a device, Microsoft demands that SecureBoot keys are exchangable. Its just that most devices are shipped with Microsoft keys by default. SecureBoot is well supported by Linux.
Linux Geeks doing what Linux Geeks do..