On Thu, Jul 9, 2020 at 5:20 PM Chris Adams <linux(a)cmadams.net> wrote:
Once upon a time, nickysn(a)gmail.com <nickysn(a)gmail.com> said:
> To be honest, I don't know. Do all UEFI secure boot implementations
> allow you to add your own keys to the list of trusted keys?
I believe that the Microsoft OEM Windows x86_64 distribution
requirements require UEFI, with Scure Boot enabled, and with the ability
for the system admin to add their own signing keys. So, most every
AMD/Intel system you run across should support that.
I don't know this for sure, but from what I've heard, that last point
(user management of keys) is no longer a requirement, as is being able
to disable Secure Boot. Some of my friends have reported getting
laptops from some big vendors without the ability to do either in the
last couple of years.
--
真実はいつも一つ!/ Always, there's only one truth!