Is Microsoft going to dictate that you cannot turn off secure boot or alternatively you won't have the ability to install UEFI keys? There is no evidence for that and a lot of reason to believe that it won't happen. And if they try what will you get? Lots of hacked UEFI implementations.
I can see some organizations insisting on secure boot as policy. However the same organizations are very likely to insist on the ability to install keys as otherwise they cannot upgrade to a security fix for the OS kernel, MS or otherwise. I don't see where Microsoft will be able to force OEMs to omit these features because their large customers including governments are going to write these features as requirements in their purchase contracts.
Why not?
I can see some organizations insisting on secure boot as policy. However the same organizations are very likely to insist on the ability to install keys as otherwise they cannot upgrade to a security fix for the OS kernel, MS or otherwise. I don't see where Microsoft will be able to force OEMs to omit these features because their large customers including governments are going to write these features as requirements in their purchase contracts.
Methinks this is a tempest in a teapot.