> IMO systems should be shipped in "Setup Mode" by default with no keys preinstalled. On first boot, whichever OS you decide to install should be able to enroll its keys.
Nobody wants to "install" an operating system. Computers should come with an OS preinstalled and ready to run. Everything else is a dead letter in terms of the marketplace.
I have always enjoyed the experience of installing my favorite hobbyist teletype operating system. I think the last time I used a preinstalled OS on a personal machine was Windows 3.1 on a 486.
I was talking about the same "install" that is already done (pre-installed on the drive that is first booted).
Enrolling certs into the UEFI isn't something that needs to be done manually when "Setup Mode" is enabled; the bootloader can automatically enroll them.
This already is a thing, with the exception of the "ship in Setup Mode" part. Though some motherboard UEFI implementations are shit (as is to be expected) and shit their pants when this happens.
See the last paragraph in this section as an example: https://www.freedesktop.org/software/systemd/man/latest/syst...
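A check for the Setup Mode / PK state the comment above relies on, as an added example that is not code from this thread or from systemd. It parses efivarfs directly (the default path /sys/firmware/efi/efivars is assumed, and the sample directory it builds is constructed data) and reports whether a bootloader could still self-enroll keys, which is only the case while no Platform Key is set.

```python
import struct
import tempfile
from pathlib import Path

# UEFI vendor GUIDs: SetupMode/SecureBoot/PK/KEK live under EFI_GLOBAL_VARIABLE, db under the image security database GUID.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_IMAGE_SECURITY_DATABASE = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def read_efivar(efivars_dir, name, guid):
    """Return (attributes, data) for one variable, or None if absent.
    efivarfs files are a 4-byte little-endian attribute word followed by the raw data."""
    path = Path(efivars_dir) / f"{name}-{guid}"
    if not path.is_file():
        return None
    raw = path.read_bytes()
    if len(raw) < 4:
        return None
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]

def secure_boot_state(efivars_dir="/sys/firmware/efi/efivars"):
    """Summarise Setup Mode, Secure Boot and which key stores are populated."""
    def flag(name):
        var = read_efivar(efivars_dir, name, EFI_GLOBAL_VARIABLE)
        return None if var is None or not var[1] else var[1][0] == 1
    def populated(name, guid):
        var = read_efivar(efivars_dir, name, guid)
        return var is not None and len(var[1]) > 0
    state = {
        "setup_mode": flag("SetupMode"),
        "secure_boot": flag("SecureBoot"),
        "pk_enrolled": populated("PK", EFI_GLOBAL_VARIABLE),
        "kek_enrolled": populated("KEK", EFI_GLOBAL_VARIABLE),
        "db_enrolled": populated("db", EFI_IMAGE_SECURITY_DATABASE),
    }
    # A bootloader can only self-enroll keys while no PK is set, i.e. in Setup Mode.
    state["auto_enroll_possible"] = state["setup_mode"] is True and not state["pk_enrolled"]
    return state

def sample_efivars(setup_mode):
    """Constructed stand-in for efivarfs (sample data, not a real firmware dump)."""
    d = Path(tempfile.mkdtemp())
    def put(name, guid, attrs, data):
        (d / f"{name}-{guid}").write_bytes(struct.pack("<I", attrs) + data)
    put("SetupMode", EFI_GLOBAL_VARIABLE, 0x06, b"\x01" if setup_mode else b"\x00")
    put("SecureBoot", EFI_GLOBAL_VARIABLE, 0x06, b"\x00" if setup_mode else b"\x01")
    if not setup_mode:  # user mode: PK/KEK/db hold placeholder signature lists
        for name, guid in (("PK", EFI_GLOBAL_VARIABLE), ("KEK", EFI_GLOBAL_VARIABLE), ("db", EFI_IMAGE_SECURITY_DATABASE)):
            put(name, guid, 0x27, b"\x00" * 16)
    return str(d)
```

On a real machine, call `secure_boot_state()` with no arguments; a result with `setup_mode` True and `pk_enrolled` False is the state in which the first-booted OS can enroll its own keys.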