Why can't we pay (once) for a signed bootloader which just boots Grub? Then Grub can chainload anything it wants. After all, a signed copy of Windows can still run unsigned applications from within Windows, so why not have a signed bootloader running an unsigned kernel?
From a UEFI perspective, that would be a major "security hole", but who gets to decide when a key is revoked? If there is a Microsoft vulnerability for a particular signature, doesn't MS get to be the one to decide to revoke the key?