"Linux administrators will still need the Microsoft Unified Extensible Firmware Interface (UEFI) Third Party Marketplace CA 2011 certificate to utilize Secure Boot with leading Linux distributions. [6]"
Extract from NSA advisory on BlackLotus malware: