It’s not a solution, it’s just a way to prevent people from using your
automatic decryption to get at your data without knowing your credentials. It
won’t stop anyone that is actually determined to get your data.
I’m referring to Microsoft’s Secure Boot signing keys.