
GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help


  • #21
    More corporate crap being foisted on gnome, for home users it's all a waste of space.



    • #22
      Originally posted by mb_q:
      Secure Boot is cool but its implementations are nonsense. I've tried enrolling user keys and signing the kernel on a few machines, and the story was the same --- verification was working ok, but a fw reset (removing CMOS battery, proper switch on the motherboard) was enough to jump back to the default SB state with my keys deleted.
      So it is either this or using a machine with MS keys baked in, with a MS-approved bootloader blob, not a substantially tempting option.

      I suspect the same story applies to all other switches this tool checks; without coreboot one has to trust the firmware, and these are traditionally totally unreliable, most vendors are more concerned with bloating them with kitsch fan animations than moving their quality anywhere higher than "somewhat seems to work for us".
      I share the sentiment, but how would you implement the loading of new keys? A reduced flash storage associated to the ROM? Otherwise, NVRAM is all you can write to, it will obviously get erased when removing the CMOS battery.



      • #23
        Originally posted by birdie:
        Secure boot in Linux is a security theater anyways because only the kernel image and its modules are signed. Everything else is not, not a single binary or library on the disk.
        So, rather than fix it we oppose flagging the problem?



        • #24
          Originally posted by dekkzz78:
          More corporate crap being foisted on gnome, for home users it's all a waste of space.
          Wow, so much misinformation and negativity here. It really makes me wonder why we bother.



          • #25
            Originally posted by hughsie:

            Wow, so much misinformation and negativity here. It really makes me wonder why we bother.
            Without signed unified boot images and TPM checks Secure Boot is kinda useless so really why bother...



            • #26
              Originally posted by Dar13:
              SecureBoot protects against unauthorized changes of the kernel (and if you use a Unified Kernel Image, the initramfs as well). This authorization is done by the platform owner which is usually the owner of the machine, so in the case of your laptop/desktop it would be you.
              No it doesn't, unless the Microsoft certificate is distrusted (and yes that's what I do and that's why I support the recent change of distrusting it by default in the newer laptops). But so far all distributions configure their Secure Boot support packages for easy installation, i.e. for compatibility with the default Microsoft certificate, and make it hard to switch to my own keys.

              Two examples:

              Let's suppose that on this machine I installed Ubuntu. It boots via Microsoft-signed shim. Fedora does this too. But installing a Fedora kernel on my machine, and booting into it (with Ubuntu userspace still), would be an unauthorized change from my perspective - and Secure Boot with the default keys allows this.

              Let's suppose that on this machine I installed Arch Linux. To boot Arch Linux with Secure Boot enabled, I would need to add my own keys to the firmware, and sign the unified kernel image. So far so good. But then, unless I explicitly remove the Microsoft certificate, somebody can copy the Fedora boot chain (shim + grub + kernel) to my machine, but with a trojaned initramfs, and (because this ancient system doesn't have a TPM and I am forced to use a passphrase - but look, we are talking about Secure Boot, not TPM, here) steal my LUKS passphrase. This is definitely unauthorized.

              Just to reword this: for a security-conscious person, any shim signed by Microsoft is malware (because it can boot grub which can boot a properly-signed kernel with an arbitrary trojaned initramfs).
              Last edited by patrakov; 29 July 2022, 10:15 AM.

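The check patrakov is arguing for (is Secure Boot actually on, is the firmware still in Setup Mode, and which certificates in `db` did the machine owner not enroll) can be scripted. The following is an added example, not code from this thread, from GNOME or from fwupd. It reads the `SecureBoot`/`SetupMode` flags and the `db` variable from efivarfs (the `--live` mode, which may need root), walks the `EFI_SIGNATURE_LIST` structures inside `db`, and flags every X.509 entry whose SHA-256 fingerprint is not on an allow-list of the owner's own certificates. The default mode runs against a constructed sample `db` built from fake DER blobs and arbitrary owner GUIDs so it runs offline; the variable GUIDs and signature-type GUIDs are the ones from the UEFI specification, everything else (the `OWNER_*` GUIDs, the fake certificate bytes, the `MY_FINGERPRINTS` set) is made up for the demo.

```python
"""Audit what UEFI Secure Boot on this machine currently trusts (added example)."""
import hashlib
import struct
import sys
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"          # SecureBoot, SetupMode
EFI_IMAGE_SECURITY_DB_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIGLIST_HDR = 28  # SignatureType(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4)


def efivar_flag(raw: bytes) -> bool:
    """efivarfs prepends a 4-byte attribute word; SecureBoot/SetupMode are one byte after it."""
    if len(raw) < 5:
        raise ValueError("efivar too short")
    return raw[4] == 1


def parse_signature_lists(data: bytes):
    """Yield (signature_type, owner, payload) for every entry in concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off < len(data):
        if len(data) - off < SIGLIST_HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < SIGLIST_HDR + hdr_size or off + list_size > len(data):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:  # each EFI_SIGNATURE_DATA starts with a 16-byte SignatureOwner GUID
            raise ValueError("bad SignatureSize")
        pos, end = off + SIGLIST_HDR + hdr_size, off + list_size
        while pos + sig_size <= end:
            yield sig_type, uuid.UUID(bytes_le=data[pos:pos + 16]), data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def audit_db(db_data: bytes, trusted_fingerprints: set) -> list:
    """One record per db entry; 'foreign' marks anything the owner did not enroll themselves."""
    records = []
    for sig_type, owner, payload in parse_signature_lists(db_data):
        if sig_type == EFI_CERT_SHA256_GUID:
            kind, fp = "sha256", payload.hex()        # payload is the hash itself
        else:
            kind = "x509" if sig_type == EFI_CERT_X509_GUID else str(sig_type)
            fp = hashlib.sha256(payload).hexdigest()  # fingerprint of the DER blob
        records.append({"kind": kind, "owner": str(owner), "fingerprint": fp,
                        "foreign": fp not in trusted_fingerprints})
    return records


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads: list) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST (all payloads must be the same length)."""
    assert len({len(p) for p in payloads}) == 1
    body = b"".join(owner.bytes_le + p for p in payloads)
    return sig_type.bytes_le + struct.pack("<III", SIGLIST_HDR + len(body), 0, 16 + len(payloads[0])) + body


def read_live():
    """Read the real variables from efivarfs (strip the 4-byte attribute word from db)."""
    sb = efivar_flag((EFIVARS / f"SecureBoot-{EFI_GLOBAL_GUID}").read_bytes())
    setup = efivar_flag((EFIVARS / f"SetupMode-{EFI_GLOBAL_GUID}").read_bytes())
    return sb, setup, (EFIVARS / f"db-{EFI_IMAGE_SECURITY_DB_GUID}").read_bytes()[4:]


# Constructed sample data, NOT real firmware contents: two fake "certificates" and arbitrary owner GUIDs.
OWNER_ME = uuid.UUID("11111111-2222-3333-4444-555555555555")
OWNER_OTHER = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
FAKE_MY_CERT = b"\x30\x82" + b"\x00" * 30
FAKE_OTHER_CERT = b"\x30\x82" + b"\xff" * 30
SAMPLE_DB = (build_signature_list(EFI_CERT_X509_GUID, OWNER_ME, [FAKE_MY_CERT])
             + build_signature_list(EFI_CERT_X509_GUID, OWNER_OTHER, [FAKE_OTHER_CERT]))
MY_FINGERPRINTS = {hashlib.sha256(FAKE_MY_CERT).hexdigest()}  # the certs I enrolled myself

if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    sb, setup, db = read_live() if live else (True, False, SAMPLE_DB)
    print(f"SecureBoot={'on' if sb else 'OFF'}  SetupMode={'YES (keys unprotected)' if setup else 'no'}")
    for r in audit_db(db, MY_FINGERPRINTS):
        tag = "FOREIGN" if r["foreign"] else "mine"
        print(f"{tag:8} {r['kind']:6} owner={r['owner']} sha256={r['fingerprint'][:16]}...")
```

Run it with `--live` on a real machine and replace `MY_FINGERPRINTS` with the SHA-256 of your own enrolled DER certificates; any `FOREIGN` x509 line is a CA whose signed shims the firmware will boot, which is exactly the exposure patrakov describes. A `SetupMode=YES` line is mb_q's failure mode: the firmware has dropped back to Setup Mode and will accept new keys without authentication.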


              • #27
                I hate the idea, but they could at least add a "Don't show this again" checkbox so the user doesn't have to mess with gsettings. Of course, it's GNOME and they can't add a feature without making it user unfriendly.



                • #28
                  I won't be happy until Gnome implements the Cortana voice assistant and forces users to beg the desktop environment to do a full restart into uefi/bios.

                  "Please let me change my uefi settings Gnome..."
                  "I'm sorry Dave, I'm afraid I can't do that"
                  Last edited by andyprough; 29 July 2022, 10:11 AM.



                  • #29
                    Originally posted by sinepgib:

                    So, rather than fix it we oppose flagging the problem?
                    I hate the idea of giving the user a false sense of security. Once Linux distros get their act together and start signing all system binaries, then we can have a conversation.



                    • #30
                      It looks like GNOME devs will add the most unimportant features instead of doing something about a certain 18 year old issue.
