Matthew Garrett ([personal profile] mjg59) wrote 2022-07-12 10:12 pm (UTC)

Enterprises are in a position to modify firmware configuration during initial provisioning to set whatever secure boot policy they want. There's no need for the machines to ship with restrictive defaults.

No company with centrally managed machines is going to allow the purchase of a laptop that allows a user to boot into a Linux live USB and work on the windows registry as data.

That's odd, because every Thinkpad sold from 2012 until now has trusted the third party certificate by default and I'm pretty sure Lenovo have been selling them to businesses with centrally managed machines during that time.
(24 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.