Comment by fc417fc802

Secureboot was being used as an example to illustrate the issue with your claim that a user controlling the keys must necessarily undermine security.

I'll grant that if the user is given control then compromise within the supply chain does become possible. However the same hypothetical malicious aliexpress vendor could also enroll a custom secure boot key, install "definitely totally legit windows", and unless the user inspects he might well never realize the deception. Or the supply chain could embed a keylogger. Or ...