I think that upstream is failing to understand that the transitivity of trust goes both ways. If MS verifies SUSE shim, and SUSE shim accepts enrollment of Joe User's key, then MS transitively verifies enrollment of Joe User's key. But if Joe User trusts SUSE shim with his key, and MS to verify that SUSE shim, Joe User also transitively trusts that MS key. You could enforce some baroque policies that only allow specific keys to be used for verification of specific things, but the kernel does not have infrastructure for storing such key-purpose information. Until such infrastructure exists, key trust is just binary.