"it won't be certified as "desgned for", or whatever they call it."
I am not talking about MS badging requirements (that's a different topic), I am talking about Secure Boot itself. The current design is cocked. Totally cocked. For example, the authenticode format only allow for a single signature. This means that even if you want to run Fedora, you'll still need the MS keys.
"[MS] worked with Red Hat/Fedora in order to make sure that they have a key to sign their own bootloaders."
Bullshit. Red Hat has to now buy their freedom from MS. Canonical is trying a different approach, but that has it's own issues.
This is exactly what MS want - competition cluster-fucked by a "standard" and some plausible deniability.
Now, with regards to MS's badging service; what "obvious reasons" are there for specifically excluding the user (you know, the owner of the device) from being able to load their own keys on a badged ARM device? If someone buys a badged Win8 ARM unit, they are now an MS hostage too.
The general idea of Secure Boot does offer some benefits. But not in the way it has been done. Now it is just another method for MS to exclude any competition.
It really is time for the regulators to get their whacking sticks out.