I just now came across a blog post, written by Peter Jones LAST MONTH, on those “Microsoft Secure Boot Golden Key” news reports, and it is worth reading. Peter owns the Linux shim, so he knows a bit about UEFI’s boot process.
https://blog.uncooperative.org/blog/2016/08/18/secure-boot-failures-and-mitigation/
Especially because I’ve had nearly nothing useful in this blog on this post:
https://firmwaresecurity.com/2016/08/18/more-on-microsoft-uefi-secure-boot-golden-key-news/
https://firmwaresecurity.com/2016/08/11/microsoft-uefi-secure-boot-key-problem/
Also note other articles in Peter’s blog: he makes regular canary posts about the state of his Shim code. I wish all of the boot/firmware code required all contributors to have canaries!