> Even every single Linux user I know has bought a laptop and fired it up at least once before subverting the boot process to install Ubuntu right off the bat.
Now imagine there's an option in the UEFI BIOS:
* Revert to trust-on-boot mode. WARNING: this may expose you to attacks by malware.
Again, how is this any different than just letting the user enroll a key? Or using one signed by a supported key, or using one with a shimloader already ready to go?
I mean, I guess as a convenience mechanism, but then again, why not just disable it and be done with it. Maybe a chance that would make more sense to me would be to have an option:
* Extract SecureBoot keys from bootloader/kernel whatever
and be able to specify your own kernel or what not.
But then again, that's basically what you get via your own key enrollment ;)
Now imagine there's an option in the UEFI BIOS:
* Revert to trust-on-boot mode. WARNING: this may expose you to attacks by malware.