First they invented SecureBoot, but that was OK, because you could turn it off.
Then they prevented disabling it, but that was OK, because several non-Windows bootloaders are signed.
Next up will be refusing to sign the boot loaders which simply disable SecureBoot and load Linux/*BSD. That will be OK, because Ubuntu is properly signed including the kernel (I think).
After that it will only be certain commercial vendors who can get a certificate, but that will be OK, because Red Hat Enterprise Linux 8 will run, only allowing signed kernel modules.
Yes I hate slippery slope arguments too.