On 27/06/2022 21:18, Sharpened Blade via devel wrote:
Also, even when you cant remove Microsoft keys, you can still use the
shim.
If you can't remove Microsoft keys, you're nullifying the whole purpose
of secure boot, because anyone can use a signed shim to boot whatever
they want.
Also, if you remove Microsoft keys, you will need to sign the video and
network card firmware with your own CA in order to work in SB mode.
--
Sincerely,
Vitaly Zaitsev (vitaly(a)easycoding.org)