These are business machines. No company with centrally managed machines is going to allow the purchase of a laptop that allows a user to boot into a Linux live USB and work on the Windows registry as data. End users' machines must be able to block 3rd-party certs. It seems to me like having a simple BIOS option allows non-managed hardware to boot anything the user wishes, while stopping non-Windows boots via a BIOS control with a BIOS password.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
no subject
Date: 2022-07-12 09:43 pm (UTC)