Yes, it'd be great to have a firmware that would allow easy key mgmt, removing all existing keys and uploading a local key. Judging from the amount of customization one gets from the big-iron shops when purchasing enough, I presume it'll be possible to get a boat-load of PCs with pre-loaded keys.
Running an "independent" certification authority on the other side will make about a $99 difference to using the Microsoft key. Except for the additional cost this "Foundation" has to shoulder to keep their own key safe.
1. Windows updates on dual-boot machines would still *need* to black-list compromised Linux certificates
2. Getting the key onto machines would still be a pain
3. The machines would still not allow running arbitrary code under secure boot
4. The machines would still be vulnerable to 0-day Windows exploits