Whether this is a reasonable security measure or nonsense is way above my pay grade... but this and your earlier blog post are being read by many - and repeated by highly-read "authorities" as meaning signed distros can't be booted in secure mode.
That simply ain't so. True they won't secure boot by "default", but the non-default is not turning off secure mode. It's enabling 3rd party UEFI CA in BIOS. And it's not just the Z series. All the newer ThinkPads default to no 3rd party certs - and all have the option to enable them w/out turning off secure boot.
You'd be doing your readers - and those who follow those misreading your blog - a great service by making this clear.
regards,
Z.