If the OS is preinstalled, then as I said presumably the OEM has preloaded
the relevant keys into the BIOS already and the user doesn't care about it. The
only thing the OEM needs to do is make sure that either a) they've used a BIOS
that lets users who want to modify the bootloader enroll their own keys (or
which permits Secure Boot to be disabled so the keys become irrelevant), or b)
generate a signing key that they can provide to the user and sign the bootloader
with it. Note that users who don't modify the bootloader (the vast majority)
won't need to care which approach the OEM used because they won't be doing
anything that'd affect the bootloader, and users who do want to modify the
bootloader can be presumed to be able to enroll keys or sign the bootloader (if
they aren't that's not the OEM's problem, they're required to make what's needed
available, not to hold the user's hand and walk them through the
process).
The only way the OEM gets in a bind is if they're dumb enough
to do something where someone else will have to do something to permit
the OEM to comply with license terms while not getting a written
agreement with that someone else to do what's needed. But then, that's nothing
new. If I sign a contract with you to deliver to you a new car, and the
dealership I was going to buy the car from turns out not to have any in stock, I
don't get to fob you off on the dealer and say "It's the dealer's
responsibility.". [ Reply to This | Parent | # ]
| 
