I asked ~half-month ago in the Q&A section = How to properly install CL in secure boot with custom key managment,, but the topic still has 0 replies.
I agree about not using MS pre-installed keys and using your own - it’s true. But can you give detailed instruction / step-by-step howto for custom keys / efi handling with secure boot.
Your official documentation hasn’t any instruction and basic info about it. What should users know about if even the team os answers are so contradictory.
I don’t want ran to these troubles as described there (Hunting UEFI implants) by indutry experts.
Your arguments sound strange and it’s not clear why then industry giants like Mac (in thier macbooks) or Google with thier chrombooks still uses strong firmware/bootloader/os-image protection.
I cannot use this OS until the information is Сlear*.