> The proper way is to enroll the private keys with the bios
But a method of doing that wasn't included in the UEFI standard for obvious Microsoft reasons, so few vendors support it and those that do usually don't do it correctly, let alone in a standardised way.
But a method of doing that wasn't included in the UEFI standard for obvious Microsoft reasons, so few vendors support it and those that do usually don't do it correctly, let alone in a standardised way.