a one-sided conversation doesn't do much at all, you really need a bit of back and forth. disagreement happens everywhere about anything and things like that just gotta be talked about sometimes.
If I went for it I'd need to find a new purpose for the rm2 & also I modded this tablet so I can encrypt my files using gocrypt with the help of toltec (aka custom software). And then the rm2 would be delegated to... not serving my usual tasks anymore. Sounds like an expensive missed opportunity.
the worst thing is when you get cranky about things you really don't need to get cranky about. but every now and then you just notice you don't get the things you wish for and that frankly have no reason to get denied.
And yes like always you also have the option to just turn off Secure Boot. Yes, it will allow malicious bootloaders to just run on your system, but I won't judge if after this you're tired of Secure Boot even more. Trust me, I heard all about it lol.
5. keep eye out for linux OS updates and once a GRUB/shim update comes in delete above registry key from your windows system.
The workaround way if above does not work (this leaves you vulnerable): 1. turn off secure boot 2. boot linux, run: sudo mokutil --set-sbat-policy delete 3. boot windows, run: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD 4. turn on SB
Fix: The correct way - you're on a distro like Ubuntu, Fedora or others where you don't even remember having any Secure Boot issues with before: 1. turn off secure boot 2. boot into linux and install the latest software updates, specifically at least GRUB and shim 3. turn on secure boot again
The policy makes the computer distrust recently found to be exploitable bootloader certificates which allow malicious bootloaders signed with those to run through Secure Boot checks. Windows is not in sync with the updates coming from other Linux distros.