Comment by fc417fc802
5 hours ago
Me managing my own (for example) secure boot keys does not inherently enable malicious actors. Obviously unauthorized access to the keys is an attack vector that whoever holds them needs to account for. Obviously it's not risk free. There's always the potential that a user could mismanage his keys.
There's absolutely no excuse for hardware vendors not to provide end users the choice.
> trust is protected by trusted companies...
The less control of and visibility into their product you have the less trustworthy they are.
the hardware is made by asus, asus signs with their key backed by a trusted company.
asus gives out keys to sign bios firmware, now aliexpress can not only counterfeit, but provide tampered hardware.
you can enroll your own secure boot keys so that's not really relevant.