MJG59 said, ""Secure Boot can be disabled on all systems running shim."
I said, "Can you guarantee that M$ and the OEMs will continue to allow Secure Boot to be disabled on all systems running shim.?"
MJG59 said, "It doesn't involve Microsoft or the OEMs, so yes." . . Let me rephrase the question. Can you guarantee that M$ and the OEMs will continue to allow Secure Boot to be disabled on all their new Win 10 computers.?
If Secure Boot cannot be disabled, your proposal to lockdown the Linux kernel with Secure Boot enabled will stop most average users from editing the kernel boot parameters in order to be able to boot a Live Linux USB/DVD, eg those with Nvidia or AMD graphics cards.
AFAIK, shim is only needed to boot non-Windows software(eg Linux) when Secure Boot is enabled, ie shim is not needed when Secure Boot is disabled.
Re: You're not making much sense
MJG59 said, ""Secure Boot can be disabled on all systems running shim."
I said, "Can you guarantee that M$ and the OEMs will continue to allow Secure Boot to be disabled on all systems running shim.?"
MJG59 said, "It doesn't involve Microsoft or the OEMs, so yes."
.
.
Let me rephrase the question. Can you guarantee that M$ and the OEMs will continue to allow Secure Boot to be disabled on all their new Win 10 computers.?
If Secure Boot cannot be disabled, your proposal to lockdown the Linux kernel with Secure Boot enabled will stop most average users from editing the kernel boot parameters in order to be able to boot a Live Linux USB/DVD, eg those with Nvidia or AMD graphics cards.
AFAIK, shim is only needed to boot non-Windows software(eg Linux) when Secure Boot is enabled, ie shim is not needed when Secure Boot is disabled.