Hey @DHowett, I was very busy doing other things, but I found some free time this Saturday and I finally managed to rewrite comm-lpc to use WinRing0 and now ectool finally works with Secure Boot enabled:
Implementation details:
Because the internet is full of various versions of WinRing0 of questionable origin and safety, I decided to take a bit of a different approach. Specifically, I rely on a trusted software called Libre Hardware Monitor, which is an open-source C# app that runs an embedded WinRing0 in the background. What I do is that I hijack that and I connect to their WinRing0 while the Libre Hardware Monitor is running. So all that the user needs to do is to download Libre Hardware Monitor, execute it, and leave it running in the background. Then you can use ectool.exe --interface=winring0 <command> and it will use relay the communication.
I will try to publish a fork of your ectool later, so that you can have a look at the code and possibly merge it and republish it yourself.