While I agree at face value this is way over the top.
Isn't one solution as simple as OEMs putting a motherboard jumper switch
their PC that enables disabling the requirement for a signed OS/bootloader?
That may not prevent the issue occurring in dual boot scenarios, but it
would still give
Isn't this possibly all a storm in a teacup, at this early stage...??
I can see a perfectly legitimate corporate use case for supplying PCs locked at
BIOS level so they can't boot anything other than an SOE-approved and digitally
signed OS image. This will remove the ability for corporate PCs