What? I think you maybe just don’t know what purpose secure boot serves.
It’s not a tool to vendor lock computers, it’s a tool to establish a chain of trust to protect the boot process by only allowing cryptographically signed images from executing. Anyone can sign things for secure boot by simply creating an x509 certificate and importing it. If vendors wanted to prevent you from running a different operating system, they would just lock it down completely as is done in many devices like mobile phones and proprietary electronics.
It works for now on x86-64, yes. For now. As always, we are one “think of the children” crisis away from lobbyists taking that option away.
What? I think you maybe just don’t know what purpose secure boot serves.
It’s not a tool to vendor lock computers, it’s a tool to establish a chain of trust to protect the boot process by only allowing cryptographically signed images from executing. Anyone can sign things for secure boot by simply creating an x509 certificate and importing it. If vendors wanted to prevent you from running a different operating system, they would just lock it down completely as is done in many devices like mobile phones and proprietary electronics.
^ this People are very ignorant about what secure boot actually is.