exu

joined 2 years ago
[email protected] 37 points 1 month ago

And then they only deliver up to 720p because your device hasn't been blessed by capitalism

[email protected] 4 points 1 month ago

From the first post in this chain

That said, I've always just enrolled my own keys. I know some other distros that make you enroll their keys as well like Bazzite. At least that way you don't depend on Microsoft's keys and shim or anything, clean proper secure boot straight into UKI.

I didn't start talking about it, this was many comments above

[email protected] 1 points 1 month ago

Yep, you need a PIN for your TPM to be safe. Here's a proof of concept of someone unlocking Linux systems without a TPM PIN.

https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/

[email protected] 15 points 1 month ago (3 children)

I don't think you understand what "enrolling your own keys" means in the context of Secure Boot.

The key affected here is specifically for the Linux shim signed by Microsoft. It is used by GRUB and some distros to work with Secure Boot.

Enrolling your own key means you add a new certificate to the key store. This is completely separate from the one provided by Microsoft and controlled only by you. The common recommendation is to remove all built-in keys and only add your own, to make this system as secure as possible.

[email protected] 1 points 1 month ago

I'd wait a bit more. As the article says, Canonical recently also upped the RISC-V requirements for their 26.04 LTS and this SBC doesn't meet those.

[email protected] 9 points 1 month ago

Even funhole is blocked by Lunduke

[email protected] 3 points 1 month ago (2 children)

Is there a list of certified manufacturers/devices somewhere?

I couldn't find anything on the page for the certification, only steps to contact them.

[email protected] 3 points 1 month ago

I don't think Microsoft cares

[email protected] 15 points 1 month ago (6 children)

A few years ago Windows invented a new sleep state, S0ix, instead of the previous S3 state. This makes a laptop behave more like a phone, able to wake up when it receives new data.

Unfortunately this is usually implemented badly and also causes the removal or neglect of previously reliable S3 sleep.
