Lanzaboote – NixOS Secure Boot

(x86.lol)

88 points | by evilmonkey19 3 days ago

7 comments

  • embedding-shape 10 hours ago
    > We plan on streamlining this as much as possible, but so far this has not happened yet.

    Probably integrating something like sbctl (https://github.com/Foxboron/sbctl#sbctl---secure-boot-manage...) would do the trick, it's making the whole signing and key management dance easy.

    Seems to already work together with limine on NixOS too: https://search.nixos.org/options?channel=25.11&query=sbctl#s...

  • c0balt 9 hours ago
    Lanzaboote is great, I've been using it for almost a year now in a dual boot with Windows 11 for full secure boot on my desktop. It is quite stable (notably was set and forget) and the initial setup was relatively easy.
    • pyrophane 10 hours ago
      Huh, as a Lanzaboote user I’m surprised to see this on the front page. I use this in combination with sbctl for key generation. I’m mostly using it because I wanted to set up full disk encryption with TPM2 auth.
      • aiscoming 2 hours ago
        this is how Microsoft wins the war against general computing

        you must not join it, refuse to lock down your computer

        • irusensei 1 hour ago
          Secure boot and TPM are good technologies. You can roll your own keys and Microsoft won't have anything on it.

          Do people still think you need to have your boot program signed by Microsoft in order to use it?

          I also wonder if this sentiment is what stalled development in other more traditional projects like BSD derivatives. I'd love to have FreeBSD with secure boot and loading ZFS keys from the TPM.

        • krautsauer 8 hours ago
          This needs a (2022).
          • evilmonkey19 3 days ago
            Browsing the internet about secure boot and NixOS, I found the article of one of the creators