> UEFI is introduced by Microsoft to fight Windows piracy
I'm not sure how that's supposed to work, uEFI isn't TPM and provides no way to validate a license key or enforce DRM, it's really only useful for preventing malware from modifying the boot process.
It would have been nice if mjg59's proposal for automatic key enrollment would have gotten some traction because that could have been the mechanism to become independent of the MS signing infrastructure. IIUC the problem here is that the key signing through MS is made to fit MS existing tooling for signing PE binaries, which is understandable, but it seems to me the solution is to build an alternate signing infrastructure that works the way we want, within the constraints of the uEFI standard. Maybe it would be even better to modify the uEFI SecureBoot standard to do more exactly what we want but it might be too late for that as the current standard is now widely shipping and can't be changed. Maybe can't be changed for 20+ years.