I’m guessing the source for Red Hat having to pay to have the shim signed is “I made it the fuck up”, but even if it was true I’m not going to cry about an IBM subsidiary paying money to give me a free service. And this is all ignoring the fact that I’ve never encountered an x86 motherboard that didn’t let you set your own keys.