by zaltekk 1544 days ago
> which effectively prevents you from installing linux

This was going to be the state when Microsoft first proposed secure boot. But the backlash led to (1) being able to disable it and (2) being able to load customer keys.

Are any motherboards actually locked down to where you can't install another OS? My older Gigabyte motherboard, my Thinkpad laptop, and my HP business line desktop all support both of these.

UEFI was definitely a pain point for booting Linux when it was first available. The same Gigabyte motherboard mentioned ended up having it all turned off and just used legacy boot for years. But everything works great with UEFI USB boot installers and the OS. I'd recommend giving it a try again.

I personally use secure boot for Linux through custom keys and a kernel install hook that re-signs the EFI+kernel+initramfs+cmdline blob. It's quite nice in combination with LUKS unlocked by TPM2 (similar to BitLocker). Secure boot actually lets you be more selective in which PCRs to verify for LUKS unlocking, meaning it's much less fragile during updates.
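The following is an added illustration, not part of the comment above and not the commenter's code: a simplified Python model of TPM PCR extension showing why a key sealed only to PCR 7 (Secure Boot state and signing certificate) survives a kernel update, while one sealed to PCRs 4+7 does not. The function names, the two-PCR model, the policy digest format and all byte strings are constructed assumptions; real firmware logs more events per PCR.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def boot(db_cert: bytes, uki: bytes, secure_boot: bool = True) -> dict:
    """Simplified measured boot; returns the PCR values at hand-off."""
    pcrs = {4: bytes(PCR_SIZE), 7: bytes(PCR_SIZE)}
    # PCR 7: Secure Boot on/off state and the certificate that verified the image
    pcrs[7] = extend(pcrs[7], b"SecureBoot=" + (b"1" if secure_boot else b"0"))
    pcrs[7] = extend(pcrs[7], db_cert)
    # PCR 4: the EFI binary that was actually executed (changes on every update)
    pcrs[4] = extend(pcrs[4], uki)
    return pcrs

def policy_digest(pcrs: dict, selection: tuple) -> bytes:
    """Stand-in for a TPM PCR policy: hash over the selected PCR values."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(bytes([index]) + pcrs[index])
    return h.digest()

def can_unseal(sealed: bytes, pcrs: dict, selection: tuple) -> bool:
    return policy_digest(pcrs, selection) == sealed

# Constructed sample inputs
OWNER_CERT = b"constructed-owner-db-certificate"
OTHER_CERT = b"constructed-foreign-certificate"
UKI_V1 = b"kernel-6.1 + initramfs + cmdline (constructed)"
UKI_V2 = b"kernel-6.2 + initramfs + cmdline (constructed)"

def scenarios() -> dict:
    enrolled = boot(OWNER_CERT, UKI_V1)          # state when the LUKS key was sealed
    narrow = policy_digest(enrolled, (7,))       # bind to Secure Boot state only
    wide = policy_digest(enrolled, (4, 7))       # also bind to the exact binary
    updated = boot(OWNER_CERT, UKI_V2)           # new kernel, re-signed with same key
    foreign = boot(OTHER_CERT, UKI_V1)           # image verified by a different cert
    sb_off = boot(OWNER_CERT, UKI_V1, secure_boot=False)
    return {
        "update_pcr7_only": can_unseal(narrow, updated, (7,)),
        "update_pcr4_and_7": can_unseal(wide, updated, (4, 7)),
        "foreign_cert_pcr7_only": can_unseal(narrow, foreign, (7,)),
        "secure_boot_off_pcr7_only": can_unseal(narrow, sb_off, (7,)),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'unseals' if ok else 'refuses'}")
```

In this model the PCR 7 binding is only as strong as control over the signing key: anything signed by the enrolled certificate unseals the disk key.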