Yes I know this but its more the fact that there is no CRL that a new device can import so you are not in control of the pre-seeded keys. So if you have kit on the shelf for months and MS's private key is leaked or cracked then you have a large stock of compromised machines waiting to roll. I doubt any average PC retailer will be able to deal with manual key revocation. The same goes for your average government agency or health service.
It should ship with no PKI/certificate scheme at all. We don't need it and it doesn't work and its blatantly obvious.
Secure boot is entirely worthless from end to end.
It should ship with no PKI/certificate scheme at all. We don't need it and it doesn't work and its blatantly obvious.
Secure boot is entirely worthless from end to end.