Howto really secure boot?
I don't know what this hype is all about, if:
"The Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system).
The current pre-bootloader is designed as an enabler only in that, by breaking the security verification chain at the actual bootloader, it provides no security enhancements over booting linux with UEFI secure boot turned off. "
And additionally Verisign or Microsoft will be forced to give away hidden door keys to the CIA. If I am a Mafia boss or spy who is in danger to get his device rootkitted I don't want these.
The only way would be to have my own key put into an opensource UEFI without hidden doors. And then signing my own key into my own kernels.
But this nonsense "secure" boot, why not simply turning off that shit ...
Is it just a marketing strategy to get closer?