https://lists.fedoraproject.org/pipe...ne/169341.html (the initial question about Ubuntu's approach)
To summarize - there is considerable scepticism that any approach which doesn't actually make a reasonable attempt to restrict what can be booted using a signed bootloader chain will be viable. Our guys pretty much reckon that if Canonical does go ahead with the plan to just get a generic bootloader signed in such a way that anyone could boot anything with it, that will be revoked quite quickly, or never signed in the first place. I particularly like ajax's take on it - anything formulated as a Futurama quote gets an automatic +10 from me.
Edit: my disclaimer about being entirely prepared to be wrong in any situation still applies. The above is only my interpretation of other people's responses to Canonical's plans; there are zillions of possible points of failure there, and I certainly don't mean to be read as stating categorically that Canonical's plans are flawed. The people who signed https://lists.ubuntu.com/archives/ub...ne/035445.html are certainly smart cookies who, like Matthew and Peter, probably know much more about this than me. So don't put too much weight on anything I say when it comes into conflict with any of those. I'm sure we'll find out down the road how everything shakes out.