As long as signature enforcement in BIOS can be disabled, everything is possible. And it will always be possible to disable it because otherwise someone would sue the hell out of Microsoft, OEM, or both, for not being able to run Linux or other competing OS on a PC they bought.
Given we have one win for a 1000 fails with big companies, and that they clearly don't pay much consequences for their bad actions but benefit a lot from it, I doubt it.
Espacially if this becomes state mendated for national security reasons. Indeed, have you seen anyone been sued for the PRISM program?
In fact, it's already happening: have you seen a lot of things modified in iOS lately? It's super hard, so few people even attempt now.
> have you seen a lot of things modified in iOS lately?
There's an unpatchable bootrom exploit in all devices up to and including the iPhone X. But yes, I agree with your sentiment.
Though one thing to keep in mind: phones and tablets are content-consumption devices and they have historically been locked down for about as long as they existed. Computers are productivity devices. You may want to multi-boot 10 different operating systems for very practical reasons and no one should prevent you from doing that. Manufacturers understand this. Even the Apple M1 is capable of booting arbitrary, unsigned OSes, despite being a direct descendant of the same line of locked-down SoCs used in iPhones and iPads.
