owl@beach.city ("ugglan") wrote:
am I understanding correctly that newfangled computers come loaded with MS keys in firmware, and "secure boot" checks that loaded binaries are signed by one of these keys?
and also anyone has access to those keys, so e.g. Red Hat just use MS keys to sign?
so it's effectively useless?