by drdaeman
3729 days ago
IIRC, the Secure Boot spec said there must be multiple trust anchors, i.e. it's not like "user's own or Microsoft", but there can be any combination of trusted CAs (and I bet there's NSAKEY somewhere, huh). I'm not sure about the implementations and real-world situation, but as far as I get it, with X.509, which Secure Boot generally uses, one should be able to put the exact card's vendor certificate (not the MS CA root one) to trust the extension card. (Sadly, I think there's no way to trust one specific signature.) I guess that's probably very non-trivial in practice. At worst, one should be able to put their own CA (to sign their own software) and be forced to add the MS CA to trust the third-party software as well. But - if the UEFI implementation allows user-defined CAs - it should be possible to run your own code without asking Microsoft's permission.