Secureboot uses the TPM (Trusted Platform Module) to store keys to signed bootloaders (the windows bootloader for example), and then tells the BIOS to not run unsigned bootloaders.
Dual booting is when you install multiple OSs on your system. the most common dual boot configuration is windows and linux. unless you run stock ubuntu, your Linux bootloader is not signed and will not function with secureboot enabled.
as seen in another post here its possible to hack the TPM requirement off, but for how long will this work? temporary fixes, especially security hacks, never last long and are patched quickly.
My recommendation to everyone who doesn't want to be locked out is Virtual machines. Virtualize your windows using QEMU/KVM. libvirt makes it really easy nowadays.
Sounds like the main problem here is that those Linux distros aren't catching up to new standards, no? Maybe on NVIDIA too for not supporting Linux very well.
Maybe Microsoft is pushing it too fast, but then again, Secure Boot has existed for more than a decade at this point. You don't have the "freedom" to run a 64-bit OS on a 32-bit machine, how is this different?
I don't think that's a fair comparison. You don't have the "freedom" to run a 64-bit OS on a 32-bit machine because of unavoidable technical limitations. Secure Boot is something totally arbitrary that's added for the sake of security. It has nothing to do with hardware capabilities. It does not provide any more possibilities, it only locks things down further. UEFI is totally fine, by the way, and UEFI can exist in isolation from Secure Boot.
For starters, Secure Boot isn't just a matter of implementing it on your terms, you go through Microsoft. As taken from the FreeBSD wiki page on Secure Boot:
There's a huge amount of trust and power being vested in a corporation, in that they'll graciously sign the kernel for your operating system so people can use it. I don't think that's healthy centralization.
Additionally, regarding the NVIDIA driver, it's unavoidable. The nature of drivers on Linux is that, if they're modules which aren't part of the kernel itself, you have to build it from source for your kernel, and then because of the nature of SB, you'd have to sign it as well, otherwise it'll get rejected. Sure, the ideal would be if NVIDIA could act like the other manufacturers, make their driver free software, and integrate it into the kernel so it can be pre-signed by your distribution, but they're never gonna do that. And even if that wasn't an issue, you still can't trivially compile and load, e.g., a custom wireless driver for your card. There are security benefits to this but they're ones that are inconsequential for a casual home user, and they just serve to make Linux even more difficult. It deeply punishes anything that comes from a community rather than a corporation.