On 26/07/2022 20:05, Chris Murphy wrote:
Summary: Windows 10/11 increasingly enables Bitlocker (full disk
encryption) out of the box with the encryption key sealed in the TPM. Two different issues
result:
Microsoft has published a new security bulletin on the current state of
Secure Boot:
https://docs.microsoft.com/en-us/windows/security/information-protection/...
The most important note:
Secured-core PCs require Secure Boot to be enabled and configured to
distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with
the most secure configuration of their PCs possible.
TL;DR. The new certified by Microsoft devices will be able to load only
Microsoft Windows in the UEFI Secure Boot enabled mode.
"Microsoft <3 Linux", "Microsoft is a friend", "Microsoft has
changed",
- they said.
--
Sincerely,
Vitaly Zaitsev (vitaly(a)easycoding.org)