agree its a waste of time, but we pay the paranoid cost is special occasion. it does make breaking FDE just a little bit more annoying/expensive.
the only time it's worth the hassle for we to enable it: travel to the USA, Russia and most of africa (if the country have USA backed airport security, like uganda). pause updates, enable secure boot with a disposable key we don't store anywhere. that on top of the usual FDE with plausible deniability dual boot.
but we still prefer to just fly contributors with blank devices if we can.
the only time it's worth the hassle for we to enable it: travel to the USA, Russia and most of africa (if the country have USA backed airport security, like uganda). pause updates, enable secure boot with a disposable key we don't store anywhere. that on top of the usual FDE with plausible deniability dual boot.
but we still prefer to just fly contributors with blank devices if we can.