Yes, this would almost certainly need to be done in the firmware with manual user intervention. You could also provide a function to disable the feature, but if the choices are either (a) sign with Microsoft's key or (b) not have secure boot, that's less than ideal.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Doesn't this go against the MS recommendations?
Date: 2011-09-23 03:27 pm (UTC)