Comment by josephcsible

> Why, if you dont mind my asking?

Because I care that I'm secure, but I don't care that my computer isn't secure from me.

> how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains?

Forever, because the same code works for both unless they go out of their way to do extra work for it not to.

> How much should they spend on mitigations for classes of attack that you can shut down just by updating?

There are basically zero attacks against ordinary consumers that SB/TPM protect from. The kinds of attacks regular people need to worry about are resolved through regular updates that don't need those things.

> Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience?

What are you talking about? There's no bad PR in allowing SB/TPM to be off. The bad PR comes from requiring them to be on.

> They have been browbeaten into being extremely security conscious, especially after the SMB stuff.

SB/TPM aren't actual security. They're DRM masquerading as security.

> Personally, my Win 10 laptops are becoming Debian laptops as god intended.

That's good, but it doesn't invalidate any of the above.