They give you the keys now. They could change that overnight if they mandate the same "Secure Boot only with a Microsoft key" that they mandated on early ARM devices. Don't be mistaken. They are very much the Don of x86, and when they choose to alter the deal, you'll be SOL.
That's why I consider alternative ecosystems (that don't have exorbitant prices) like RISC-V and Raspberry Pi to be critical to the survival of general-purpose computing. Once your ability to run on bare metal disappears (via Secure Boot or otherwise), you're in grave danger of simply not having physical hardware to convert new users.
I hope the regulations being discussed right now[1] pass and we can just call SecureBoot what it is instead of fearing what it might become (atleast on x86).
That's why I consider alternative ecosystems (that don't have exorbitant prices) like RISC-V and Raspberry Pi to be critical to the survival of general-purpose computing. Once your ability to run on bare metal disappears (via Secure Boot or otherwise), you're in grave danger of simply not having physical hardware to convert new users.