If OA3Tool.exe leaks, can't we then submit our own key/hwhash to MS' servers? EDIT: And why is the whole UEFI circus required? Can't OEMS just give the hardware hashes of all the manufactured machines to MS? It's simpler and just as safe I think, but without the UEFI stuff. And then just use the default key (only because windows freaks out without key installed).