I suspect anti trust challenges would quickly happen if the option to disable the secure boot was not available.
I am more interested in making sure we can make our own signed secure boot images and understand how to install deployment keys for our own locked down deployments (enterprise servers/clients or POS cash registers and what not.) What do the signing and key generation tools need to look like? Can we make such tools? What would os updates look like on such deployments?
I think our biggest problem is to get Linux distros installers and boot loaders to "just work" on such uefi systems. I had a hell of a time getting ubuntu 11.04 to install on a Cr48 and in the end I had to just flash a EFI bios that included the compatibility layer.