What is the situation today? Does it provide security benefits?
Does fTPM provide benefits?
I also don’t know how to interpret this.
"Because the Secure Boot key is available locally on your computer, (by default it’s in /etc/pki/akmods) you might need to consider encrypting your rootfs as appropriate in order to protect the key. Please consider this as a mandatory requirement"
(Source: Howto/Secure Boot - RPM Fusion)
What am I protecting the key from? A person with physical access to the computer? Malware that gets run on the same computer (seems unlikely because how would encrypting root, that would be decrypted during use, help)?
My analysis still stands. Once we have mainstream support for UKI, unified kernel images, in Fedora, then secure boot will have value.
Recent changes in systemd UKI support are promising, as is work Red Hat is doing. I have not seen any change proposal for f42 to support UKI for normal installs yet.
FDE protects against physical disk access (I always use it). That is clear. Can you confirm that this is also what’s meant in the quote from RPM Fusion as that’s the part I was confused by?