> The cynic in me says MSFT recognizes that there is money to be made in selling secure boot keys to malware authors and then revoking them a month later, and they want to automate the process so they can maximize the revenue stream.
Microsoft doesn't get any money from this. The cash we paid was to Verisign (now Symantec) so that they would certify to Microsoft that we were who we said we were and give us a Verisign certified certificate to prove it.
This is the Linux Foundation's actual certificate subject and issuer:
Subject: C=US, ST=California, L=San Francisco, O=The Linux Foundation, OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=The Linux Foundation