> Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft.
No.
Microsoft stipulates that other OSes must be supported AND that Secure Boot must have an off-switch in the BIOS/uEFI.
Secure Boot has three "modes:"
- Use my built in keys (aka Microsoft signing only).
- Use user supplier keys (aka Custom Mode).
- Off
Only Microsoft-mode and off-mode are relevant to this discussion, because outside of government entities it isn't viable to produce and distribute custom keys.
No.
Microsoft stipulates that other OSes must be supported AND that Secure Boot must have an off-switch in the BIOS/uEFI.
Secure Boot has three "modes:"
- Use my built in keys (aka Microsoft signing only).
- Use user supplier keys (aka Custom Mode).
- Off
Only Microsoft-mode and off-mode are relevant to this discussion, because outside of government entities it isn't viable to produce and distribute custom keys.