|Someone wrote in mjg59,|
I can see some organizations insisting on secure boot as policy. However the same organizations are very likely to insist on the ability to install keys as otherwise they cannot upgrade to a security fix for the OS kernel, MS or otherwise. I don't see where Microsoft will be able to force OEMs to omit these features because their large customers including governments are going to write these features as requirements in their purchase contracts.
Methinks this is a tempest in a teapot.