I think that it is a mistake to assume that UEFI secure boot will solve the problem.
Systems based on certification authorities are seldom secure. Especially when the authority has little motivation to check things carefully. SSL/TLS is a prominent example of that and there is no reason to believe that secure boot will be better.
I agree that having signed bootloaders and kernels is nice, but the control of what is trusted and what not should be solely in the hands of the owner of the machine, not in hands of a third party (and certainly not of a company which is well known for poor security).