It would be fine if it were only that. The actual problem is that software vendors can and do use Secure Boot to also check if you, the machine's owner, "decided" to "trust" this set of special CAs - and if you did not (and limited your freedom to execute any code you want in any way you want it on your machine in doing so), make the software you bought/licensed from them - or any other software you would like to run on top of these vendors' platforms - refuse to work on your machine.
As an example, FaceIT Anti Cheat only works if Secure Boot is enabled. I guess their argument is that they can ensure you only boot genuine Windows and thus they can better check if you've tampered with anything.
Well then, that's on me and I misunderstood. I thought that with Secure Boot enabled a tampered operating system would not boot and therefore the anti-cheat can expect that if Secure Boot is enabled the OS is legit. But yeah, if Secure Boot enrollment can be faked then my point doesn't stand anymore.