> Why, if you dont mind my asking?

Because I care that I'm secure, but I don't care that my computer isn't secure from me.

> how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains?

Forever, because the same code works for both unless they go out of their way to do extra work for it not to.

> How much should they spend on mitigations for classes of attack that you can shut down just by updating?

There are basically zero attacks against ordinary consumers that SB/TPM protect from. The kinds of attacks regular people need to worry about are resolved through regular updates that don't need those things.

> Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience?

What are you talking about? There's no bad PR in allowing SB/TPM to be off. The bad PR comes from requiring them to be on.

> They have been browbeaten into being extremely security conscious, especially after the SMB stuff.

SB/TPM aren't actual security. They're DRM masquerading as security.

> Personally, my Win 10 laptops are becoming Debian laptops as god intended.

That's good, but it doesn't invalidate any of the above.

For secure boot and TPM, I'm not worried about someone breaking into my house and hacking my bios. I'm worried about getting a virus. Secure boot is useless but updates are important.

For bitlocker, I like it. But I use the password version that doesn't need any particular hardware.

How long do I expect updates? Well for starters, not even ten years of support for processors that were state of the art in 2018 is very bad. And windows 10 stopped being the newest option in 2021, so would ten years from that be so burdensome for security updates?

And no it's not a PR risk to release updates for windows 10. You don't need to stretch that hard, please.