"always". What is this always scenario look like if MS decides to drop the "must allow legacy boot / disabling SB / enrolling key" requirement and only enroll theirs?
Not saying that will happen, I honestly don't think Microsoft cares that much (my own opinion, speculation based on Linux's market share despite my own love of it).
Just... "always" is a strong word. People used that word when talking about secure bootloaders on devices like Droid2, etc. Things that were ultimately only circumvented by kexec. Something that would be much different in a SecureBoot scenario.
Hm, interesting point. They've effectively made themselves the perfect gate keeper. Even for people like us on HN, I highlyhighly doubt hardly anyone outside of mjg59 has ever enrolled their own key.
I'm even highly interested in PKI and SecureBoot and have been quelling FUD about it for sometime but if I ever buy a non Pixel/MBA device, I'll leave the MS key in there almost assuredly.
Not saying that will happen, I honestly don't think Microsoft cares that much (my own opinion, speculation based on Linux's market share despite my own love of it).
Just... "always" is a strong word. People used that word when talking about secure bootloaders on devices like Droid2, etc. Things that were ultimately only circumvented by kexec. Something that would be much different in a SecureBoot scenario.