@schestowitz and to think msft wanted to play heimdall with all kernel land. remember seeing someone in kernel mailing list repeatedly suggest a mechanism that would have msft be keystore or access control for code verification of kernel objects. torvalds and kroah-hartman constantly shot down that suggestion.
@schestowitz even then, if memory serves, linux kernel devs led the decision to support secureboot back when msft was forcing hardware oem to set it, even though the initial design was to prevent linux install on machines. only windows8 was allowed. other free software groups were against it: gnu and openbsd for sure. 2 vs the world, it was.