It is 2025. I go to a random store and buy a laptop. It comes with Windows. I put on a pendrive of a Linux distribution that claims to be secure boot compatible. I reboot. It doesn't work -- it goes straight into Windows.

I see the BIOS offers a boot menu -- "press F12 during boot to select boot device", it clearly says during POST. I press F12. I choose the USB Sandisk whatever pendrive where my Linux distribution is. It doesn't work -- it still boots straight into Windows. There's no error message whatsoever, it just goes into Windows.

I continue to peruse the BIOS. I find an option to wipe the internal storage. I do it. There is no Windows anymore. I plug in the pendrive and reboot the system. It doesn't work -- it goes straight into a BIOS setup page called "Recovery". It offers me to do hardware diagnostics, as if I had a broken laptop screen or something. Not once it mentions anything about there having been a secure boot failure.

What is this if not blocking people from installing Linux ? All of this used to frigging work. I would put the pendrive and it would boot Linux no questions asked. Or at worst I would need to hold some key while booting. Or in worst case situation I could use _frigging Windows itself_ to boot from a difference device on next boot (they STILL offer this). It. Used. To. Work.

At the end and by pure luck I find out that, like many other computers sold today, and as per the "recommendation" of Microsoft, this computer does not have the "Microsoft UEFI CA key" enabled by default. It is completely logical that I have to enable something about Microsoft UEFI on my BIOS to allow Linux to boot. Completely logical.

Ah, and I get a million warnings while doing that, clearly saying that "This will reduce the security of my computer". I got less warnings when I wiped the disks than when I enabled the MS UEFI CA. Seriously. Don't even think of trying to disable Secure Boot . Your will lose your data faster than if you literally sanitize your disks. Apparently.

And worst of it, the poor distributions that are "Secure Boot" compatible needed to _castrate_ themselves in order for MS to sign them. For example, Suse doesn't support friggin' _hibernation_ anymore. No more NVIDIA drivers. No more loading kernel modules. "Root" is no longer "root" if you boot with Secure Boot. Lockdown is mandatory despite the fact that Linus himself said it was a stupid dumb move to tie Lockdown to Secure Boot status. It happened anyway. That is the power of MS.

And despite the mandatory castrating, MS still goes and ALTERS THE DEAL, since now Secure Boot devices ANYWAY STILL NO LONGER BOOT LINUX DISTRIBUTIONS BY DEFAULT.

Call this whatever you want. I call it Secure Boot working as intended. And that is the problem.