Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lucasmz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lucasmz</span></a></span> yes and no..</p><ul><li><p>Yes in that one can just revoke said keys and deploy one's own!</p></li><li><p>No if you can't revoke the preset <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CensorBoot</span></a> keys in your <a href="https://infosec.space/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a>.</p></li><li><p>No in that these keys are default and that any revocation is 100% reversibe AFAICT.</p></li><li><p>No in that this would brick <a href="https://infosec.space/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows10</span></a>, <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> and even some <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> install media.</p></li></ul><p>Personally I'd wish for <a href="https://infosec.space/tags/heads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>heads</span></a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> <a href="https://infosec.space/tags/SelfSigned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfSigned</span></a> code to be the norm providing the user/owner with full control over what is executeable!</p>