I just recently looked into Secure Boot and from my understanding it’s not a Microsoft lock-in. Many Linux distributions are signed with keys that are loaded by default, and advanced users can even add custom signatures to their computer so Secure Boot would accept them. The original fear around Secure Boot was legitimate, but by now we know the worst outcome of it didn’t come to pass.

That said, I did disable it on my new PC because I think the chance of it causing issues is greater than the chance it will actually protect me from bootloader malware, and I’m willing to accept that risk and responsibility.