There have been devices that forbid disabling SecureBoot or enrolling your own keys, and only boot loaders that microsoft signed are allowed to boot.
Further, I’ve seen systems that have a setting to not allow the non-microsoft stuff to boot, even if signed by the usual secureboot authority. So there may be a device out there hard set to only allow microsoft software to boot.
You know what Microsoft doesn’t have to allow you? Install Linux on your own device!
There have been devices that forbid disabling SecureBoot or enrolling your own keys, and only boot loaders that microsoft signed are allowed to boot.
Further, I’ve seen systems that have a setting to not allow the non-microsoft stuff to boot, even if signed by the usual secureboot authority. So there may be a device out there hard set to only allow microsoft software to boot.