You can work around it in both cases. SecureBoot will only prevent you from running non-signed boot loaders. If that breaks then you just turn off SecureBoot while you work on the issue (assuming SecureBoot failing isn’t due to a compromised boot loader) and the machine will boot normally minus any data stored in the TPM such as the encryption key. For the encryption key, this is something you are supposed to keep a copy of outside the TPM for scenarios like this. On Windows consumer PCs, this is stored in your Microsoft account or the place you specify when enabling it. For Azure or AD-joined PC’s this can be stored in Azure or AD.

The only ways SecureBoot and encryption will burn you are if there is data stored in the TPM that you don’t have a backup of or way of re-creating, or if the encryption headers on the drive are lost. That said, if you aren’t using a TPM some Windows features will break regardless and if the drive is so messed up that the encryption headers are lost then you’re probably back to backups anyway.

As somebody who often ends up using Reddit like Stackoverflow and in some cases needing the Internet Archive (IA) to find the original post after it’s been deleted or garbled, I think this is a wakeup call for those go to Reddit both to get technical help and to post it. More than ever, Reddit is becoming an unreliable place to find answers for old obscure issues and if they are going to lockout places like the IA then I think it’s time people stopped contributing their solutions to Reddit.

Sounds like this is not the same as S mode but only related to it based on the article. I hope Microsoft kill the cancer that is S mode.