I think I understand why you are offended by this sentence and I’m with you on the benefits of user freedom.
For the first part, yes, technically only the bootloader has to be signed, after that the bootloader is trusted and should do “the right thing”.
What I meant was that manually entering the BIOS after an upgrade of the thing you want to boot into (e.g. grub) is not an option for computers that you can’t easily access physically, especially in large numbers and located somewhere other than your home. IMHO the system is not “silly”, but works well in these scenarios. I agree, that it is not designed to be convenient for end users.
I think I understand why you are offended by this sentence and I’m with you on the benefits of user freedom.
For the first part, yes, technically only the bootloader has to be signed, after that the bootloader is trusted and should do “the right thing”.
What I meant was that manually entering the BIOS after an upgrade of the thing you want to boot into (e.g. grub) is not an option for computers that you can’t easily access physically, especially in large numbers and located somewhere other than your home. IMHO the system is not “silly”, but works well in these scenarios. I agree, that it is not designed to be convenient for end users.