I predict that this will blow over, and won't be a big deal in a few years time once FOSS drivers for what is effectively just a new breed of TPM are released.
If in five years, it turns out I was wrong, I'll eat my hat. Although defining "my hat" by then might be difficult, as it'll probably be subscription based.
The trend for security in desktop computing that's pushed by these large companies is to, over time, approach similar levels of lock down that mobile devices currently have. Both Windows and macOS are approaching the iOS security model that depends on manufacturers blessing what software can run on their products, and banning software they don't want users to run.
For example, with Defender on Windows and Gatekeeper on macOS, developers need to buy certificates from Microsoft and Apple's partners in order to distribute and run their software on users' desktop computers. If developers want their software to run on Windows or macOS, they need to remain in good standing with Microsoft or Apple. If Microsoft or Apple decides they don't like you or your app, all they need to do is to revoke your signing certificate, and Defender and Gatekeeper won't let your software run on Windows or macOS. That, or they can choose to no longer renew your certificates after they expire.
That's been said for years, and hasn't held true. I can boot a Linux kernel on my M1 macbook. Apple could easily have locked it down in exactly the same manner as their iOS/iPadOS devices, yet chose not to. I can still install whatever I want. The default state of the system has a locked down root volume. And the default behaviour is not to install untrusted software, unless you jump through a couple of hoops. Those are good defaults. Those are damn good defaults for most people. If you're running untrusted code in your webbrowser all day long, you want your base system to be as unmalleable as possible, and as untrusting as possible to third party code. But I can still work around that with almost no hassle. Homebrew still installs software as easily as it used to nearly a decade ago; it just might need the occasional --no-quarantine flag for unsigned software.
Even recently they appeared to have actively assisted in the running on non-macOS operating systems on their hardware: removing the requirement for kernel images to be in mach-O format[1].
[1]: https://twitter.com/marcan42/status/1471799568807636994
> That's been said for years, and hasn't held true.
It certainly has. Unsigned binaries were recently deprecated entirely on M1 Macs. Microsoft even released versions of the Surface that can only run Windows and only run apps blessed by Microsoft. With each iteration on these products, the screws are tightened a bit more.
Software freedom is not just about being able to run Linux. Most Mac users buy Macs because of macOS and its integrations, running Linux doesn't help them out. Software freedom on macOS definitely does, though. As it stands, that freedom has been chipped away at with new releases of Apple's software and hardware.
For example, I'm the author of several open source utilities for macOS. Users had no problem using the utilities a few years ago, but because they're unsigned or not Notarized, macOS tricks users into thinking that they're either broken or malicious. Even self-signing the apps has macOS treating them as if they're radioactive. Users don't understand the scary signing and certificate alerts, so they end up thinking they've downloaded malware. The solution to this is to pay Apple $100 every year, and then regularly have them scan and approve of the apps via Notarization. That's antithetical to software freedom. Regular users who want to use un-Notarized software are left frightened and without having their needs met. Software freedom is important for everyone, not just developers and power users.
Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.