Think of form factors like the iPod Touch. There's no way you can wedge a jumper in there without disrupting the physical robustness of the design. My guess is that UEFI will be with us for 20 years, and I'd expect a lot more form fators like the iPod Touch and a lot fewer desktops.
Unrelated, printing the key fingerprint prior to enrolment is useful and should be required. But it's a raising the bar thing: an attacker generates keypairs until the fingerprint looks roughly like a real one.
It would also be worthwhile having fields for manufacturer names, product brands and the like, not because these can't be faked, but to give as many legal grounds as possible for takedown notices and prosecution.
Re: what about custom keys?
Unrelated, printing the key fingerprint prior to enrolment is useful and should be required. But it's a raising the bar thing: an attacker generates keypairs until the fingerprint looks roughly like a real one.
It would also be worthwhile having fields for manufacturer names, product brands and the like, not because these can't be faked, but to give as many legal grounds as possible for takedown notices and prosecution.