I know you are just trolling again, but you truly have no clue what you are talking about. Please educate yourself so that you can troll more productively in the future.

IBM was one of the main contributors and the first company to implement TPM. They also wrote the Linux drivers and software. And they own Red Hat.

I did mention the fact that you may have to keep the Microsoft key and how unfortunate that is, though I didn't spell out the ramifications of it quite the way you did. I also did endorse fully replacing the keys (otherwise how are you going to sign anything, your motherboard vendor definitely didn't give you the private key to their default PK certificate).

SecureBoot isn't perfect, but it's a lot better than nothing.

The shim shouldn't have existed probably, or rather they should have signed only the whole thing.

Still waiting to see someone influential raise a demand for consortium consisting of major OS and hardware vendors that grants keys instead of leaving all control to microsoft

All men want this and it's digusting. Gtk to have thumbnails in it's file picker

There is a lot of over-obsession with security. It's like how you get murdered on windows11 news websites if you still use xp or win7.

Are you people so hostile to secure boot even half way paying attention to what it does, or are you assuming you know because some rando on the Internet told you Microsoft is behind it so it's got to be bad? Have you shoved your head under a rock for the past 5 years on Linux security? If so maybe it'll hit you on the skull and knock some sense into you, cuz it seems that's the only way some of you are going to learn. Linux by itself is no more secure than any other OS, and probably significantly less so than a few I can name.

Most viable Linux malwares out there are designed to achieve persistence via installing kernel modules. What does secure boot defend against when properly implemented? Compromising the running kernel and kernel modules. No it's not designed to secure against malicious user space software, there are other tools to handle that. What user and kernel space can't manage is to make sure its own boot process isn't compromised! That's ALL that secure boot does and what it's meant to do - and it works. Can it be bypassed? Absolutely. Is it easy to bypass? No. You have to replace the firmware and/or keys to do so. That's a non-trivial exploit.

It stops anyone without signed kernel and module packages from successfully booting a compromised kernel and that's going to be most attackers using this vector. It's only a tool and it serves a single purpose, not the end all and be all of PC security - no one with half a brain would have thought it to be so. So stop acting like security is some monolithic monument that you plop down in a computer that cures all ills at once and all tools must do all things or it's somehow useless. Security doesn't work that way.

Now that's said there are some things that could be improved. I do wonder how System76 is going to handle this option since afaict, Pop! doesn't implement secure boot compatibility but relies on Gnome for its environment.

I take it you are unaware that you can choose to enroll your own signing key and use it for the modules you build? Or just disable the warning should you choose that. You have many other choices too.

I would say Linux is indeed significantly less secure than at least Microsoft Windows.