Event details
It's time for our third Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot playb...
Pearl-Angeles
Published Feb 19, 2026
JamesEpp (Iron Contributor)
Feb 25, 2026
I must have a thousand questions. I'm making one comment per question as that seems reasonable. Posted in no particular order. As of 2026-02-25 I have 22 questions.
I typed up all these questions not knowing there was a February AMA. I'll have to watch that later to see if any of my questions are answered there.
---
Is there any general practice among OEMs as to how many PKs they maintain? It would seem reasonable for OEMs to not use the exact same PK/keypair across their entire brand because the blast radius of a key compromise/leak will be immense (not if, but when). i.e. one PK per generation, one PK per model, one PK per product line, etc? How does this impact Microsoft's complexity in updating the KEKs?