That’s…. a stretch. The issue is that the default CA that manufacturers include is Microsoft, so Debian developed a shim, signed by Microsoft, so that they could sign their own distros ans modules.
Since a lot of boards allow you to inject your own key into the MOK for UEFI, you can basically roll your own with a little work. It’s just not “out of the box” since they’d have to validate multiple different distros.
It’s more a matter of sheer size of Microsoft vs Linux rather than locking. I’ve said “a lot” and “most” around boards given that I’m not sure what the breakdown is, but I haven’t seen a board that doesn’t do that.
That’s…. a stretch. The issue is that the default CA that manufacturers include is Microsoft, so Debian developed a shim, signed by Microsoft, so that they could sign their own distros ans modules.
Since a lot of boards allow you to inject your own key into the MOK for UEFI, you can basically roll your own with a little work. It’s just not “out of the box” since they’d have to validate multiple different distros.
It’s more a matter of sheer size of Microsoft vs Linux rather than locking. I’ve said “a lot” and “most” around boards given that I’m not sure what the breakdown is, but I haven’t seen a board that doesn’t do that.