> * Secure Boot (vendor-keyed deployments)

I wish this myth would die at this point.

Secure Boot allows you to enroll your own keys. This is part of the spec, and there are no shipped firmwares that prevents you from going through this process.

▲

digiown 3 hours ago | parent | next [-]

> Secure Boot allows you to enroll your own keys

UEFI secure boot on PCs, yes for the most part. A lot of mobile platforms just never supported this. It's not a myth.

▲

Foxboron 3 hours ago | parent [-]

Phones don't implement UEFI.

▲

seba_dos1 2 hours ago | parent [-]

Most don't, but they're usually equivalently locked down nevertheless.

▲

Foxboron 2 hours ago | parent [-]

UEFI on x86_64 and phones are not comparable when it comes to being "locked down".

	▲	seba_dos1 2 hours ago \| parent [-]
		Are you sure? Note that the comment you replied to does not even mention phones. Locked down Secure Boot on UEFI is not uncommon on mobile platforms, such as x86-64 tablets.

▲

yjftsjthsd-h 2 hours ago | parent | prev | next [-]

> This is part of the spec, and there are no shipped firmwares that prevents you from going through this process.

Microsoft required that users be able to enroll their own keys on x86. On ARM, they used to mandate that users could not enroll their own keys. That they later changed this does not erase the past. Also, I've anecdotally heard claims of buggy implementations that do in fact prevent users from changing secure boot settings.

▲

201984 2 hours ago | parent | prev [-]

What about all those Windows on ARM laptops?