Microsoft refuses to sign GRUB but apparently they'll happily sign malicious bootkits if you pay them
It’s Microsoft’s new (not really), super-secure technology called TrustUs! Just TrustUs to do what’s best.
or asked nicely enough by diverse government entities
> As Smolár dug further, he found that reloader.efi was present not only in Howyar’s SysReturn, but also in recovery software from six other suppliers
They shared it around? Licensed it to each other? They obviously knew what they had.