No one asked me, but if you are curious what my take on the recent sbat/SecureBoot kerfuffle is, I'll let you know anyway:
Frankly, I find SecureBoot ultimately pretty uninteresting tech. It casts a very wide net: it basically is a politically charged global allowlist, yet is useful as a very, very loose denylist only, because it necessarily contains so, so, so much stuff. I think the value for security is relatively limited, because it attempts to be universal, and hence can never be focussed.
Much more interesting is Measured Boot when tying disk encryption to it. Various OSes, including Windows, have been supporting this since about forever. And it's so much better: it basically makes no restrictions on what you can run on your PC. All it enforces is: my encrypted disk can only be decrypted if the OS of my choice is booted in the version of my choice. And that's a *way* more powerful concept, because it is *focussed* on your installation, because…
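Added illustration, not part of the post: a pure-Python simulation of the "disk only unlocks for the boot chain I chose" idea, with a hash chain standing in for a TPM PCR and an HMAC-derived key standing in for a PCR-policy-bound sealed object. The boot-chain strings, the storage-root-key value and the volume key are constructed sample values.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed sample values: a boot chain as firmware would measure it, a
# stand-in for the TPM storage root key (which never leaves a real TPM), and
# the disk-encryption volume key we want to protect.
SRK = hashlib.sha256(b"constructed storage root key").digest()
VOLUME_KEY = hashlib.sha256(b"constructed volume key").digest()
GOOD_CHAIN = [b"bootloader v1", b"kernel v1", b"initrd v1", b"cmdline quiet"]

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style PCR extend: PCR <- H(PCR || H(event)). Order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure_boot(chain: list[bytes]) -> bytes:
    """Run every boot component through one PCR, starting at the reset value."""
    pcr = bytes(32)
    for event in chain:
        pcr = extend(pcr, event)
    return pcr

def policy_digest(expected_pcr: bytes) -> bytes:
    """Stand-in for a PCR policy: the policy commits to one expected PCR value."""
    return hashlib.sha256(b"PolicyPCR" + expected_pcr).digest()

def derive_key(pcr: bytes) -> bytes:
    """Unsealing key depends on the SRK and on which policy the PCR satisfies."""
    return hmac.new(SRK, policy_digest(pcr), hashlib.sha256).digest()

def seal(secret: bytes, expected_chain: list[bytes]) -> tuple[bytes, bytes]:
    """Wrap a 32-byte secret so only the expected boot chain can recover it."""
    assert len(secret) == 32
    key = derive_key(measure_boot(expected_chain))
    stream = hmac.new(key, b"enc", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct, tag

def unseal(blob: tuple[bytes, bytes], actual_chain: list[bytes]) -> bytes | None:
    """Recover the secret from what actually booted; None if the chain differs."""
    ct, tag = blob
    key = derive_key(measure_boot(actual_chain))
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # policy not satisfied: a real TPM would refuse to unseal
    stream = hmac.new(key, b"enc", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

if __name__ == "__main__":
    blob = seal(VOLUME_KEY, GOOD_CHAIN)
    print(unseal(blob, GOOD_CHAIN) == VOLUME_KEY)                 # True
    other_kernel = GOOD_CHAIN[:1] + [b"kernel v2"] + GOOD_CHAIN[2:]
    print(unseal(blob, other_kernel))                            # None
```

Nothing here restricts what may run; a different kernel boots fine, it just cannot unlock this disk until the secret is re-sealed to the new chain.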
@josh well, if you open up access to your logs (protected via measurements or not) to players you don't want to use them, it's kinda your own fault. Just don't do that. If your web browser passes quotes of your system to the web, it's a bug in the browser, not a problem of the TPM.
All computing is dual-use, if you will; I fail to see why this one should be more or less "dual-use" than anything else.