UEFI secure boot is fine as long:
- Its allow Hardware Owner (not the hardware vendor) to change the UEFI keys
- hardware owner are allowed to disable the secure boot.
if the UEFI was set to disallow hardware owner to change the key, yes its became a locked system with planned obsolescene in mind.
its interesting that before announcing to build Surface RT themself,
that users must be disallowed to disable secure boot, when secure boot is used in ARM system.
but user should be allowed to disable it on x86-64 system.
"On non-ARM systems, it is required to implement the ability to disable Secure Boot ..."
"On an ARM system, it is forbidden to enable Custom Mode. ... Disabling Secure MUST NOT be possible on ARM systems," Microsoft states.
why the differences?