Preventing downgrades would surely be quite simple: embed a sequence number in the signature and have the BIOS require special measures (confirmation, disabling Secure Boot, re-loading the key, whatever) to run software with an earlier sequence number than the highest one already seen for that signing key?

Perhaps someone with the ear of the standardisation committee should suggest it?