Pros and cons of disabling the default Microsoft key:
(Assuming you have secure boot enabled, and want the security that comes from that)
pros:
- You control your own key and have full choice over what software can start up on your computer, software cannot be approved by anybody else.
- Your secure boot security model is not vulnerable to the risk of booting 3rd party software with known security vulnerabilities.
- Sophisticated attackers with physical access to your computer cannot carry out an evil maid attack on your computer and convince it to trick you or steal your data.
cons:
- You need to have software installed to manage the key. There is software available for Ubuntu and NixOS.
- There are many buggy UEFI implementations out there that require the Microsoft key to load built-in oproms during standard boot, potentially bricking your computer.
- Software that gains root access to your computer could steal your signing key, potentially negating the benefits of secure boot against non-evil maid attacks.
not before the studios are purged, unfortunately