For me it's the principle of the thing. I refuse to let Microsoft approve what I can and can't boot on my own damn computer with the "signing." It's security theater, most generously, and another way to lock us out of anything but Windows.

If this means I eventually have to use USB boot devices, then so be it.

Please, stop with the FUD.
SecureBoot is a hardware design feature. It is not an operating system feature.
Like syslinux, elilo instantiates a variable with an undefined value. The kernel now ensures that
variable has a suitable value for the section of code that makes use of it.

The Ventoy link is interesting, but irrelevant. If a user enrols a MOK, then that user accepts responsibility. As argued there, there may be a responsibility to provide suitable warnings upon potential misuse, but there is no requirement.

@hazel is correct. This agrees.

Another signed preloader

What to do if users all start to run amok because of SecureBoot?
Who gets blamed?

Users, pretty obvious: before installing OS/distro check what software can do.


I understand the question: there was someone who after several months of installing custom kernels did not know if he/she is running 32-bit or 64-bit OS and kernel. Then there was an absurd problem with 4.5GB modules just because users never bothered to use custom verified config just blindly installed "custom" kernels...

This is user fault nothing else.


If one does not know anything about OS, maybe should install easy distribution that do all for user. Some OS/distros Slackware, Gentoo, Artix, Venom, *BSDs require some input and knowledge.
This is so simple.