I would advise keeping things civilized and not put anyone in the dirt. I would advise revising direct attacks on the person. Ideas can be attacked. I have no problem with that. I reacted on calls for “dishonesty”.
Bootguard fused OTP against Dasharo keys will be fused soon as an option. I’m trying to not mix things here. Dasharo is not proprietary while still being UEFI but based on reference code and do not suffer from the same supply chain fiasco proprietary UEFI vendors suffer from. Recent history just showd the same thing with Framework looking to engage an in house firmware developer to stop relying on that mess themselves. My 2 cents here are with hope, not throwing knives.
Dasharo with open source UEFI implementation targeting float of computers that will be updated with fwupd even under QubesOS is desirable. But I keep caution and hope 3mdeb will air gap their pirvate keys so MSI similar story won’t dirt them by a leaked key years from now. OTP is One Time Programmable fuses. If Dasharo key leaks, that would be a disaster for the open source firmware ecosystem and I only hope they are doing everything in their power to properly secure that signing key, and I have most hopes they won’t cooperate with government agencies that now will be able to pay big bucks trying to buy their honesty. All of this is possible with Bootguard. That’s a fact and that is all there is. Bootguard is at best convenient vs secure, where Joanna again puts this vocabulary in our heads really hardly and reationally: We don’t like “Secure” marketing words. All there is now is reasonably secure and trustworthy, where of course everyone has the right to choose convenience over trustworthiness, transparency and auditability and transfer of ownership.
Please don’t expect too much of me answering again here. Searching for my past posts should be enough.