In the past, there's been a trickle-down solution where the more-technical people build their own platform and community and it slowly becomes something that less-technical people can do. In this case, that doesn't apply: security is intended to be a blocker to access, and being on the wrong side of that divide must be enforced or it's not security.
For this problem, the Linux Foundation should be paying for a technical advisor to go round the mainboard manufacturers enrolling them in the Linux UEFI Certification Program and supplying them with a signing key which is used in addition to the MS one. The program is created to allow for corporations to build system images with their own platform keys under which they control the entire secure environment. That should be the real motivation for this, with desktop users being secondary beneficiaries. Thus is no extra burden on the non-technical user and such a setup allows UEFI Secure Boot to work as intended.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds