Date: 2022-07-12 10:12 pm (UTC)
From: [personal profile] mjg59
Enterprises are in a position to modify firmware configuration during initial provisioning to set whatever secure boot policy they want. There's no need for the machines to ship with restrictive defaults.

No company with centrally managed machines is going to allow the purchase of a laptop that allows a user to boot into a Linux live USB and work on the windows registry as data.

That's odd, because every Thinkpad sold from 2012 until now has trusted the third party certificate by default and I'm pretty sure Lenovo have been selling them to businesses with centrally managed machines during that time.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. [personal profile] mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.

Expand Cut Tags

No cut tags