I *think* the SUSE solution solves the problem. While I can't create a vendor signature, I can create my own signatures and put the key on the authorised list. The fact that I can't actually access the BIOS on one of my computers, for reasons I do not know, makes me think that BIOS-only knobs are probably evil.
I would vote for putting my own box together or specifically buying a box where I can use my own kernels, boot loaders, etc. The Alcatel-Lucent content distribution network solution is incompatible with hardware that only runs Windows because most sorts of box run Linux :-)
I have not seen an *EFI x86 server or consumer x86-64 hardware yet. Unless that changes soon, Windows 8 requiring UEFI would be commercial suicide. M$ things can fail: anyone remember ActiveX controls?