OK. Correct me if I am wrong, but the whole point of the original post was that one currently can't replace keys very easily on chromebooks without disabling the write-protection on the flash part. Maybe I missed it, but it would have been more straight forward and clearer if this was directly called out as being the thing you are concerned about.
I am curious as to why you aren't concerned about who owns the firmware that actually runs on your systems. An SMM handler could easily be installed to snoop your information and do with it was it pleases. What does secure boot or verified boot buy you if you can't inspect/trust what is actually running on one's system?
Re: Everything that glitters isn't Secure Boot
I am curious as to why you aren't concerned about who owns the firmware that actually runs on your systems. An SMM handler could easily be installed to snoop your information and do with it was it pleases. What does secure boot or verified boot buy you if you can't inspect/trust what is actually running on one's system?