There is also the option of enrolling your own certs and resigning the bootloader and any Option ROMs you need, if you're really worried / expect to actually be broken by this.

▲

mjg59 5 days ago | parent | next [-]

Re-signing option ROMs is not trivial (or, well, it's easy to do the signing, it's not necessarily easy to flash that driver back into the card)

▲

Arnavion 5 days ago | parent [-]

I see. I've never had to deal with any Option ROMs myself. In that case the easier option is to add their hash to db?

	▲	mjg59 5 days ago \| parent [-]
		That's the easiest, but it's a pain if you want to switch cards

▲

s_ting765 4 days ago | parent | prev [-]

I have a HP BIOS that doesn't go into setup mode (required to enroll certs) so I have no choice but to deal with the MS shim.