Because you as a Linux user still want to hang on the insecure leash of MS? Or why do you want to be forced to wait for MS again and again? UEFI is still a nasty disease and should be eradicated.
The idea is the opposite, to not rely in MS for Secure Boot. True that they created the secure boot but not because they created that is a bad idea. Many Linux distributions support Secure Boot through their own signing keys or by using tools like Shim (Ubuntu, Fedora, Debian, OpenSuse, Arch, Gentoo and NixOS), allowing us to maintain control and security without depending on Microsoft. Secure Boot is a security feature that ensures your computer boots only trusted software, reducing the risk of malware. It checks the signatures of boot software and only allows signed, trusted components to load. This helps protect your system from unauthorized access during startup. Not flawless but is better with than without. Also, along with other strategies it may some day be used by the gaming vendors as a potential via to validate anti cheat. Recently the systemd made some progress in the area enhancing the TPM config.
“the TPM PCRs could be used either to lock a disk-encryption key to only be used on kernels signed by a particular OS vendor, or to lock a disk-encryption key to specific local things, such as the firmware version, available hardware, etc. Now, with systemd 257, the user can configure both these kinds of requirements at once.”
Genuine question, doesn’t PopOS requires to disable secure boot to install? Not a big fan of distros that request it
Because you as a Linux user still want to hang on the insecure leash of MS? Or why do you want to be forced to wait for MS again and again? UEFI is still a nasty disease and should be eradicated.
The idea is the opposite, to not rely in MS for Secure Boot. True that they created the secure boot but not because they created that is a bad idea. Many Linux distributions support Secure Boot through their own signing keys or by using tools like Shim (Ubuntu, Fedora, Debian, OpenSuse, Arch, Gentoo and NixOS), allowing us to maintain control and security without depending on Microsoft. Secure Boot is a security feature that ensures your computer boots only trusted software, reducing the risk of malware. It checks the signatures of boot software and only allows signed, trusted components to load. This helps protect your system from unauthorized access during startup. Not flawless but is better with than without. Also, along with other strategies it may some day be used by the gaming vendors as a potential via to validate anti cheat. Recently the systemd made some progress in the area enhancing the TPM config.
https://lwn.net/Articles/1001730/
“the TPM PCRs could be used either to lock a disk-encryption key to only be used on kernels signed by a particular OS vendor, or to lock a disk-encryption key to specific local things, such as the firmware version, available hardware, etc. Now, with systemd 257, the user can configure both these kinds of requirements at once.”