Secure boot is 100% under the users control. You can load your own keys.

Similarly in Windows you can control which CAs (or individual cettificates) you trust.

They 100% respect the users freedom.

Very much unlike Apple does with gatekeeper.