New Group Calls For Boycotting Systemd

This topic is closed.
  • The answer to that might be not to buy ARM for handling your data

    Originally posted by jbernardo View Post
    As it was too late to edit my post, here is the rest of it:

    "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

    With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will be redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
    Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).
    If manufacturers go this route, the counter is obvious: boycott their hardware, the same way I refuse to buy a smartphone because I distrust not only their software but also their firmware. Some will be hacked and jailbroken, some will get mod chips, but why bother so long as hardware that can be freely used exists, even if you have to buy it used. There are enough Linux users who don't like walled gardens to make a "RHEL-only" device a dud on the sales floor, and if they want to use Linux moving any part of the kernel that they simply HAVE to use to GPL 3 would shut them down outright. Too bad relicensing the entire kernel under GPL3 would be such a quagmire...

    Comment


    • Originally posted by Luke View Post
      If manufacturers go this route, the counter is obvious: boycott their hardware, the same way I refuse to buy a smartphone because I distrust not only their software but also their firmware. Some will be hacked and jailbroken, some will get mod chips, but why bother so long as hardware that can be freely used exists, even if you have to buy it used. There are enough Linux users who don't like walled gardens to make a "RHEL-only" device a dud on the sales floor, and if they want to use Linux moving any part of the kernel that they simply HAVE to use to GPL 3 would shut them down outright. Too bad relicensing the entire kernel under GPL3 would be such a quagmire...
      Yep. Almost the only way the Linux community has any influence on the hardware is by "wallet voting". The hardware vendors don't care about online pleas or open source, they only care about money and competitive advantages over their competitors.

      Back in the old days there was very limited Linux hardware support, that meant Linux buyers just had to buy from a limited selection; but when Linux adoption grew, that suddenly meant substantial extra sales of certain hardware, that again meant more vendor Linux support in order to gain market shares etc.

      The bad thing is that some of the "lock down" mechanisms are mandated by Microsoft, the hardware vendors have no choice but to support secure UEFI boot if they want to run MS software.
      So traditional "wallet voting" doesn't help against the concept as a whole since it isn't a consumer choice, but decided by business contracts.

      I think the Linux community needs to discuss the concept of signed booting and trusted computing. My own take on the subject is, that since we can no longer avoid it on the hardware, boycotting the concept doesn't work. We may as well use the good parts for our benefit and see if we can pressure hardware vendors and standard committees to support the Linux way of using it.

      While the technical details may be many, I think most Linux users (and computer users in general), would say, that whatever the solution is, it should leave the end user in total control whether to use the secure facilities or not.

      Comment


      • If a machine can't be unlocked, that means it's bricked to me

        Originally posted by interested View Post
        Yep. Almost the only way the Linux community has any influence on the hardware is by "wallet voting". The hardware vendors don't care about online pleas or open source, they only care about money and competitive advantages over their competitors.

        Back in the old days there was very limited Linux hardware support, that meant Linux buyers just had to buy from a limited selection; but when Linux adoption grew, that suddenly meant substantial extra sales of certain hardware, that again meant more vendor Linux support in order to gain market shares etc.

        The bad thing is that some of the "lock down" mechanisms are mandated by Microsoft, the hardware vendors have no choice but to support secure UEFI boot if they want to run MS software.
        So traditional "wallet voting" doesn't help against the concept as a whole since it isn't a consumer choice, but decided by business contracts.

        I think the Linux community needs to discuss the concept of signed booting and trusted computing. My own take on the subject is, that since we can no longer avoid it on the hardware, boycotting the concept doesn't work. We may as well use the good parts for our benefit and see if we can pressure hardware vendors and standard committees to support the Linux way of using it.

        While the technical details may be many, I think most Linux users (and computer users in general), would say, that whatever the solution is, it should leave the end user in total control whether to use the secure facilities or not.
        The only products that lack an option to say NO are food and water. If industry requires all computers to be locked so well we can't crack them, we still have the options to buy used or buy nothing. Just like I choose not to have a smartphone and not to be on Facebook, I can also choose not to have a computer if I can't get one that works for me instead of working for Hollywood and the FBI.

        For me, it's OK to have to crack the BIOS/UEFI or even have to force-flash new firmware with a Bus Pirate, but not OK to have a machine that can't be cracked by any means unless it's the test subject for the cracking research itself. It must either have the option to disable secure boot, the option to use my keys, or a crack against it: one of the three. If any machine that can run Linux without having to be actively cracked is on the market, that renders all that require cracking uncompetitive in my book as well. I do not demand support, but I DO demand tolerance and no active interference, such as that code in one vendor's UEFI implementation that looks for a boot image named either for Windows or RHEL. That code will run any bootloader given the correct string name, but I would not pay a penny for the board on the grounds of not rewarding active interference.

        The day Microsoft announces that it will be required for motherboards to be hard-locked against any other OS to be able to boot Windoze is the day I stockpile the last generation of AMD hardware not to support that requirement. Since I don't play pay games, watch pay movies, or deal in 4K content, there is no reason for me to ever need new hardware unless what I have is stolen in a police raid or by burglars, or dies from electromigration. There should be plenty of Bulldozer, Piledriver, and Phenom II stuff on Ebay for years to come, so Microsoft and Apple can go to hell. With luck the locked boards get cracked and remain usable, but I'm not betting anything important on that.

        I don't need to connect to a new style "secure Internet" since I don't bank online or use paid services like Netflix. In fact, over a decade ago there was a bill that went nowhere in the US Congress to require secure boot to a drm-supporting, approved OS as a condition of legal connection to the Internet. That would have been defeated by dial-up services over voice lines, faster services tunneled as encrypted packets through "approved" machines treated as untrusted routers and looking like a corporate VPN to the telcos, and of course by good old fashioned flash drive filesharing: Hollywood's old digital audio tape nightmare returning.

        There are good reasons I never throw away operable Pentium 4 or later hardware, and the current industry talk of walled gardens is one of them.
        Last edited by Luke; 15 September 2014, 08:35 PM.

        Comment
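A check for the three states the post above distinguishes (Secure Boot disabled, firmware in setup mode where the owner can enroll keys, or enforcing), as an added example that is not part of the thread. It reads the standard `SecureBoot` and `SetupMode` UEFI variables from an efivarfs-style directory; the function names and the sample variables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Secure Boot state from efivarfs-style files.
# EFI global-variable GUID; each efivarfs file is 4 attribute bytes + data.
GUID=8be4df61-93ca-11d2-aa0d-00e098032bc4

# efi_byte DIR NAME -> first data byte of the variable, or "absent"
efi_byte() {
    f="$1/$2-$GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    echo "${v:-absent}"
}

# boot_policy DIR -> no-uefi-vars | setup-mode | enforcing | disabled
boot_policy() {
    sb=$(efi_byte "$1" SecureBoot)
    sm=$(efi_byte "$1" SetupMode)
    if [ "$sb" = absent ]; then
        echo no-uefi-vars   # legacy BIOS boot or efivarfs not mounted
    elif [ "$sm" = 1 ]; then
        echo setup-mode     # no Platform Key enrolled: owner can enroll keys
    elif [ "$sb" = 1 ]; then
        echo enforcing      # only binaries signed by enrolled keys boot;
                            # whether keys can be replaced is up to firmware setup
    else
        echo disabled       # signature checks are off
    fi
}

# put_var FILE 0|1 -> write a constructed variable (attributes 0x06 = BS|RT)
put_var() {
    if [ "$2" = 1 ]; then printf '\006\000\000\000\001'
    else printf '\006\000\000\000\000'; fi > "$1"
}

# make_sample DIR SECUREBOOT SETUPMODE -> constructed efivarfs directory
make_sample() {
    mkdir -p "$1"
    put_var "$1/SecureBoot-$GUID" "$2"
    put_var "$1/SetupMode-$GUID" "$3"
}

d=$(mktemp -d)
make_sample "$d/sample" 1 0
echo "constructed sample: $(boot_policy "$d/sample")"
echo "this host: $(boot_policy /sys/firmware/efi/efivars)"
rm -rf "$d"
```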


        • Originally posted by michal View Post
          For me it's simple - I don't like German cars, I don't own any and I don't give a shit about them. I don't waste my life on whining on German motorization
          What's wrong with German cars? I guess everyone has a preference, but seems odd to exclude based on country of origin.

          Comment


          • Originally posted by jbernardo View Post
            I was more hoping for something from the "systemd cabal" (as they called themselves in that blog post) stating clearly that the machine owner will always have the keys, and will be able to sign, build and install his own packages. They are the ones pushing for this "all signed tamper proof" OS, so something more specific would be nice.
            They cannot. To be secure, the signing verification has to be done from the hardware up, so it depends on the hardware provider if you own the keys or not.

            But locked bootloaders have existed for linux for ages (android phones), so the situation cannot get worse. On the other hand, knowing cryptographically, as a consumer, what you run on your computer is still pretty difficult sometimes, so the situation can certainly get better.

            Comment


            • Originally posted by torsionbar28 View Post
              What's wrong with German cars?
              Nothing. They are the best cars in the world, unlike US cars which nobody likes (US motor industry is dead for a reason).
              And soon non-systemd distros become Detroit.

              Comment


              • Systemd can't turn open source into closed source and is itself FOSS

                Originally posted by jbernardo View Post
                As it was too late to edit my post, here is the rest of it:

                "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

                With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will be redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
                Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).
                Keep in mind, any distro with open source, even one of "signed filesystem images," could be rebuilt from the source to ignore signatures or replace keys with the user's, for use on unlocked hardware. It would be like having the source code for the firmware of a locked system, plus a Bus Pirate to forcibly reflash it with your hacked version. I suspect even an iPhone could be unlocked if the source code for the firmware was leaked.

                I do believe that as a community FOSS software authors should refuse to assist in the development of locked throwaway junk, anything likely to be desired for such a system should be licensed under GPL3 to explicitly forbid its use by these OEMs. If they are going to treat the owners of devices as black hats, then we should treat the makers of tivoised hardware as freeloading, code-mooching parasites.

                Speaking of that, I just thought of a way to prevent use of the kernel by the makers of tivoised devices without relicensing it: move some key functionality needed to start it to GRUB and copy it into all other Linux bootloaders willing to be licensed under the GPL3. Only that code would have to be relicensed. Make enough changes that cutting and pasting GPL 2 code from an older version won't work.

                Comment


                • Originally posted by Luke View Post
                  I suspect even an iPhone could be unlocked if the source code for the firmware was leaked.
                  It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.

                  Originally posted by Luke View Post
                  Speaking of that, I just thought of a way to prevent use of the kernel by the makers of tivoised devices without relicensing it: move some key functionality needed to start it to GRUB and copy it into all other Linux bootloaders willing to be licensed under the GPL3. Only that code would have to be relicensed. Make enough changes that cutting and pasting GPL 2 code from an older version won't work.
                  Has Linus ever personally spoken out against tivoization? From what I gather, preventing such things has never been one of his goals, but I can't speak to that with any confidence.

                  Comment


                  • Originally posted by TheBlackCat View Post
                    It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.


                    Has Linus ever personally spoken out against tivoization? From what I gather, preventing such things has never been one of his goals, but I can't speak to that with any confidence.
                    Linus says in debconf 2014 that he personally does not like tivoization. But the social contract he pretends for the kernel is giving and receiving the source code. The tivoization clause seems to prevent that.

                    Comment


                    • I was talking about the FIRMWARE source code

                      Originally posted by TheBlackCat View Post
                      It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.
                      If it was iPhone firmware being hacked, recompiled from leaked source, and force-flashed by an external "bus pirate" device, the firmware checks would be what was removed, allowing any bootloader to be used that supported the processor in question, thus any operating system compiled to that architecture. Actually, the compiler might be a bigger problem: does anyone know exactly what architecture (presumably some kind of ARM) Apple is using?

                      Comment
