Re: Lenovo
Yes, it's presumably called shimboot because it uses a shim to boot. I am not familiar with the specific reference you're making, but there's nothing nefarious or sinister about using a shim, and it doesn't have to do with AMD and Intel executives meeting in dark rooms with Microsoft executives to plan how to screw their customers.
Microsoft required Secure Boot as an option with the beginning of the Windows 8 era. When you're the 800 lb. gorilla in the room, you can demand things like this and expect results. If Secure Boot was in and of itself bad, I'd be carrying a torch and pitchfork myself; I have no love for Microsoft, and I gave up Windows more than a year ago.
When the Windows OS is installed (generally by the OEM), it installs its signed bootloader. When the OS boots, it looks for the bootloader signed with its Microsoft keys, validates it with the keys stored in the UEFI image, and if they are not valid (like if the bootloader has been altered), it refuses to boot. It's a joint effort between the UEFI firmware and the OS; both have to be Secure Boot enabled for it to work.
Other OS vendors are free to do the same thing and sign their own bootloaders with their own keys, and they have. The only thing is that the OEMs and/or firmware vendors don't think it's worth their while to include the non-MS keys in the UEFI image to be able to validate the bootloaders. Each major Linux distro has its own keys, and while some (Mint, KDE Neon, etc.) use the same bootloader and keys as their upstream (Ubuntu, in this case), others don't, and this entire array of bootloader keys, along with the distros that don't do secure boot, collectively make up 2% of the PC market, as opposed to Microsoft's 88%.
This is why distros like Ubuntu use a shim. The shim has the Microsoft signature, so Secure Boot even without the Ubuntu key in the firmware works, and the shim looks for the Ubuntu signature in its bootloader, then chainloads it if everything is in order.
That's why Microsoft is in the loop when we're talking about installing OSes that have nothing to do with Microsoft. It allows OS vendors like Canonical to use secure boot with hardware that only looks for the Microsoft key.
I imagine that Microsoft's motivation for assisting Ubuntu and other Linux distros that have MS-signed shims is to avoid any more anti-trust scrutiny than they already deserve. I don't think for a moment MS does it to be nice, but the point is that they do allow the MS signature to be used to load non-MS operating systems, so users of Ubuntu and other major distros that have these shims can benefit from Secure Boot on any PC that has it (since they all work with MS keys).
Of course, if you don't want to mess with any of this, you can just turn secure boot OFF and not worry about it. I wouldn't accept a PC that will not allow me to disable secure boot, but its mere presence isn't an affront to me either. I use it on all of my Linux machines new enough to have the capability (my desktop has UEFI but no support for Secure Boot). If something changes my bootloader without my knowledge, I want it to stop and tell me something has gone wrong rather than just loading some rootkit (which is something of a shim itself!) and pretending everything is fine. And if Microsoft ever does what the pessimists fear and one day stops signing Linux shims, I can just turn secure boot off.