The problem is that any bootloader capable of loading more than one (signed) kernel would defeat the purpose of secureboot.
Yes, it would defeat the purpose, because if the boot loader isn't signed, then you could replace the boot loader with one that didn't even worry about signed kernels.
I mean the official purpose, protection against rootkits, not the actual purpose.
The official purpose is to lock down a computer such that you can be assured that it boots off of the intended software. It is not only protection against rootkits, but that is one item it could help with.
The issue now is that there is no way to differentiate between approved software and unapproved software. Signing is an elegant, tried, and stable solution for identifying the origin of software. However, signing requires that your keys are distributed with hardware that guarantees it will only work with binaries that can be unlocked with your keys.
Fedora attempted to distribute their keys to all the major motherboard manufacturers; however, even with positive feedback from the hardware manufacturers, it became clear to Fedora that they would not have their keys in every UEFI secure boot system. So they had to make a choice. Either one would need Microsoft Windows as a prerequisite to install Fedora (by launching to Windows and disabling the secure boot system), or they could use a $99 a lifetime key signing portal to sign their bootloader with a key that is guaranteed to be present (due to Microsoft's market presence) so UEFI could boot Fedora install media without launching Windows.
I think Fedora found the right solution, despite the fact that there is a horrible history with Microsoft. After all, the alternative is to require running Microsoft Windows to disable UEFI. Getting an installation boot loader signed once is far less intrusive than requiring a launch of Windows; I mean, you would have to buy a copy of Windows to install Fedora.
Of course, one might argue that PCs ship with the secure boot option of UEFI disabled by default. This still might happen; however, nearly everyone wants the shipped operating system to be the one that boots, so it is not clear how disabling secure boot would assure people that they are booting what they bought.
... not the actual purpose.
Allusion to a sinister purpose without even describing it is blatant fearmongering. There might be an ulterior motive, there might not be an ulterior motive. If you really suspect ulterior motives, have the balls to detail them.
If Microsoft didn't want any other operating system to boot, then they wouldn't even have offered the bootloader signing portal. If they didn't want Linux to boot, then they would have altered the terms of service to be incompatible with the legal protection structure surrounding Linux. They didn't do either, and their price seems so low that I wonder if the service is being offered "at cost".