If the user selects (2) then the unsigned Ubuntu could load a malware infested Windows, but it would be less suspicious to just load a malware infected Ubuntu. Whenever the user attempts to load Windows, they are protected by secure boot as before.
If the goal is instead to protect DRM from the user, then the bootloader should do whatever a "correct" BIOS does when given a self-signed key. That way, if the DRM is broken it can't be blamed on Ubuntu.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds