M$ controls UEFI Secure Boot for most users through the certificate-signing requirement for EFI bootloaders. Now Red Hat wants to add to this control by blocking the editing of kernel boot parameters, eg the nomodeset parameter that fixes boot problems for proprietary Nvidia and AMD graphics card.
....... Remember, both M$ and Red Hat have enterprises as their cash cows = they do not really care about ordinary consumers or computer dummies.
For the launch of Win 10 in 2015, M$ "decreed" that it was up to the OEMs whether they wanted to allow Secure Boot to be disabled in their new Win 10 computers. Acer has done this since late 2017 ...
Remember, the OEMs are under the thumb of M$ = will likely not allow Secure Boot to be disabled in new Win 10 computers.Certain OEM Win 8.x/10 computers, eg Acer, Asus and HP, have an obstructive or pro-M$ UEFI-BIOS setting for "select an UEFI file as trusted for executing",(= Linux cannot boot). For the fix, please refer to ... https://itsfoss.com/no-bootable-device-found-ubuntu/
viewtopic.php?t=236560
The above latest(= 2017) OEM laptops, eg Acer E and S series, may have even removed this UEFI-BIOS setting(eg "No bootable device" after installing Linux and cannot be fixed), but may be restored by a new BIOS firmware update from the OEMs = update through Windows only. This was after many complaints from affected users. ... viewtopic.php?f=46&t=254948
... Another workaround is ... https://askubuntu.com/questions/862946/ ... re-es1-533
From 2020, Intel will disallow Legacy BIOS in their processors.