The minute a Linux vendor sells-out -- like this -- is the minute we're all doomed.

MS will lead them on for a couple of years, and then quietly insist that x86 vendors comply with the same restrictions that ARM vendors have already kowtowed to.

At which point, only Redhat Linux will boot and run. No others. Or at least not until all of the others also sign-up and pay MS for permission to run non-MS software on end-user hardware.

Then, a year or two later, MS will raise the signing fees, and eventually begin blacklisting Linux systems for various "reasons".

By then, it's too late to do anything about the situation.

Much, MUCH better to just not comply from Day-1. Don't pay MS for key-signing. This means that a user has to enter the BIOS *once* to get Linux installed. Big Deal.

Hardware vendors will be loath to ever implement stage-2 as a result -- they'll refuse to disable non-secureboot because it would lock them out of the Linux market.

But if we pay-up to MS on Day-1, then the hardware vendors will not have as big an issue with locking everyone out later on.

Just say NO. This is a very clever MS scheme, and an very bad idea for Redhat to comply.