In most cases you can put your computer secure boot in setup mode and roll your own keys.
replyUntil they making CA a requirement, then disable changing the CA settings and it defaults to Microsoft. Then you are fucked.
replyThat would make extremely inconvenient if MS ever need to revoke a certificate.
reply