In a way, this is a nice balance for everyone (:P / /s / I'm sorry to say). Corporate interests get "good effort" security, almost something you could legally distinguish and prosecute for bypassing. And hobbyist users get repeatable workarounds.
It's impressive in attempted scope. I imagine this doesn't affect google's chromebook boot chain. It's really hard to coordinate across vendors.
Apple phone jailbreaks were easy on the iPhone 3, and have slowly gotten harder since then. TPM3 will be stronger than TPM2, but the only way we get there is by making mistakes and learning from them.
For someone doing related work in the open (and least remarkably in the open), Oxide Computer told some stories about the difficulty of bring-up of a new motherboard, and mentioned a lot of gotcha details and hack solutions for managing their AMD chip.
They talked about their bring-up sequence, boot chain verification on their motherboard, and designing / creating / verifying their hardware root of trust.
I heard mention of this on a podcast recently, trying to find the reference. I'm pretty sure it was [S3].