Has anyone done any work in all this to address the core issue of microsoft being the only one to put 'core keys' (whatever EUFI calls those) on systems?
If I am manufacturing hardware and don't care about running Windows on it (lets say it's not supported), but would like to be able to do Linux secure boot - can I go to the Linux Foundation for a standard key? Presumably I could add my own, but then I have to get distros to include that key in their bootloaders/kernels? Or can I just provide a corresponding signed version of shim which then separates the rest of the boot process into a different key-space.
What is the time overhead of all this dicking about through multiple bootloaders? If I'm making automotive linux I'm very interested in having secure boot working, but I also have really harsh boot-time requirements. These things seem likely to be in conflict.