7450 shaares
Honestly, SB has been security theater from the beginning because it depended on at least three entities the user and/or developers had no control over to certify the chain-of-trust is uncompromised. //
This is why many people in Linux land don't turn on SB. It's causing more trouble than its worth, given how easily it's bypassed on most hardware. And that's why I pointed out about the two conditions for SB to be useful. A) the UEFI options must default to fail to safe - refuse to boot (which most of the time they don't), B) Microsoft nor the OEMs can be part of the chain of trust, it must be entirely local and auditable. Those two conditions are also why it'll never properly function on consumer grade hardware.