... except that in my experience most mechanics are competent with brakes, and most motherboard makers are not competent with cryptography, or indeed with anything having to do with software.
The auto repair industry has certain standards, and the computer industry... doesn't. In fact, the computer industry does everything it can to insulate itself from any kind of responsibility.
Because if they aren't and something happens, the mechanic is the one who ends up rotting in a cell. Put the same penalties in place for ODMs and OEMs, mandating that machine owners absolutely always can change the locks to their own property, and mysteriously every single problem we have ever seen with secure boot is no longer some obscure inevitable unavoidable technology issue.
Luckily, you can ignore the factory keys and load your own. This issue affects the default configuration; from what I can tell loading in your own PK will override the built-in ones.
I was thinking about this too, thinking about the TPM 2.0 configuration of some machines. However, the keys used by TPM are not the "platform key".
> from what I can tell loading in your own PK will override the built-in ones
How can one go about doing this? If you have any resources that can show how, please share them. The public key of the "platform key" is "fused" into the hardware, is it not?