It has their uses. If, for example, a company wants to issue fleet computers to workers or school to students, you want to have secure boot on those devices to prevent tampering. Secure boot makes it so that physical access is not the end all of security.

If you own the computer yourself, you "ought" to be able to turn off these measures in a way that is undetectable. Being unable to do so would be the red line imho - and looking at those hypervisor cracks available, it's not quite being crossed. The pessimistic, but realistic future prediction is that various media companies would want and lobby for machines to have unbreakable enclaves for which they can "trust" to DRM your machine, and it's just boiling the frog right now. Windows 11's new TPM requirement is testament to that.

Switch to linux asap - that's about the only thing a consumer is capable of doing.

it is stupid to turn it off. It is incredibly easy to infect your system components without your knowning.

that being said, it does assume a certain trust in firmware vendors / oems. If you dont trust those, then dont buy from them.

i think for most ppl trusting OEM or trusting rando from interwebz with a custom hypervisor and requirement to cripple my system security are totally different things ..

u know they could actually make theyr HV support secure boot etc. to do it properly and have ur system run the cracks but not have gaping holes left by them -_-. lazy.

It would work just as well if the instructions instead told you to enrol your own key and sign the cracks. Those instructions just aren't as popular.

Having an operating system purposefully allow support to installing rootkits should clearly be a bad idea. It shouldn't be surprising you have to turn off security features to install a rootkit.

Cheap take