Until Microsoft decides to no longer sign the Linux boot loader shim (for IBM/Red Hat, no less).
In most cases you can put your computer secure boot in setup mode and roll your own keys.
Until they making CA a requirement, then disable changing the CA settings and it defaults to Microsoft. Then you are fucked.
In most cases you can put your computer secure boot in setup mode and roll your own keys.
Until they making CA a requirement, then disable changing the CA settings and it defaults to Microsoft. Then you are fucked.