why not a printed key?
Given that a number of infections occur in the supply chain (witness, for instance, the number of blank USB keys with malware), I can see why "leaving the wound exposed" until it gets to the customer is a bit of a no-no. Expecting the end customer to "close" it without risk of infection or error is even worse.
Why can it not have the relevant key, or a link to the relevant key, printed on pretty holographic paper, so that Linux or whatever would be able to sign itself against a permitted key (i.e. one held, but not used, by Windows)? The link aspect would allow the PC maker to know that the seal has been broken and that it is no longer expected to guarantee its secure boot mechanism, or, more importantly, that the expectation IS there for the "regular" customers.