I tend to think the SecureBoot isn't really a grand conspiracy. You can't realistically expect end users to be in charge of keys. So MS does what's best for itself. The problem is with poor implementations by vendors that don't support self signing, and in some cases don't even support disabling secure boot.
>"You can't realistically expect end users to be in charge of keys."
Not but the OEM vendors and not MS should be the owner of the sole PK allowed in the engine. MS doesn't make the hardware yet they are in charge of it. I think that's the issue, it has nothing to do with a grand conspiracy.
