Putting the whole process on some website just opens you up to attacks on that website. An enterprising cracker might find a way to inject code into the signing program website and freely generate as many shims with new keys as he wants and permanently topple the house of cards that is secure boot.
The cynic in me says MSFT recognizes that there is money to be made in selling secure boot keys to malware authors and then revoking them a month later, and they want to automate the process so they can maximize the revenue stream.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds