I, for one, welcome our Microsoft overlords!

Seriously, it's insane and ridicule to depend on them this way.

Well they control the master key for UEFI secure boot so that ship have sailed a long time ago. And forcing end users to install their own keys won't fly with the public at large.

Secure boot/TPM has never prevented me from running GNU/Linux but then again I mostly stick to corporate distros that sign their stuff. As long as secure boot/TPM can be turned off I don't really mind it.

I'm not a lawyer, but, that should be illegal

I don't see how you would find legal standing. Every single motherboard manufacturer are free to install any master key(s) they want (and you as the end user can install your own if you like) but have so far decided to only add the Microsoft one (and Apple the Apple one on mac hw).

SecureBoot causes more problems than it solves.

It's mostly a problem with the community distros that don't have the bandwidth to sign their stuff or just don't want to pay a fee to Microsoft. I would be very surprised if Ubuntu and RHEL didn't work with Secure Boot. I wouldn't at all be surprised if distros like Arch and Gentoo don't work out of the box and require you to add your own keys.

Personally, I'm still of the mind that it's safe to turn off Secure Boot unless you're a relatively high-value target. How often do you hear about people's /boot or firmware getting targeted and triggering a Secure Boot warning? Certainly it does happen but it's not common.

​This is so wrong...
The solution is simple, disable that worthless feature and ur good. Seriously, secure boot doesn't even do anything, it literally only exists as a nuisance.

Even if you're a, as ahrs said "high-value target" you have much bigger problems if someone has the phyhsical access to your pc needed for secure boot to actually do anything; and at that point, a little thing like secure boot isn't gonna stop them, secure boot is a stupid feature to enable by default because you need at bare minimum password protected bios for it to even theoretically do anything for you.

The only exception is if you're dumb enough to be flashing your bios or booting from untrusted sources, at which point secure boot won't save you either, it isn't the cure for stupidity.

Secure Boot should honestly just be named Microsoft Boot, it's more about increasing microsoft's control over average PC users who aren't tech savvy than it is about securing anything.

I think motherboards should be able to have UEFI Secure Boot keys that are pre-installed from factory but disabled by default, so then the user can easily enter the UEFI Setup Screen and enable one of the pre-installed keys.

That way Canonical, Red Hat and SUSE can have their own keys pre-installed.