Another issue is some Linux distributions do not support windows UEFI secure boot keys. These distros will not work with it at all as far as I know. The common distros do work, but not all. This is likely going to be an issue for a fair number of people trying to run battlefield 6 on a dual booted system.

Every single distro can be made to boot using Secure Boot, with or without Microsoft Keys.

If you absolutely want to use a bootloader that is signed by Microsoft, then you can use shim-signed that is distributed by Canonical.

If not, with every distro, you can sign your bootloader and UKI or kernel+initramfs using sbctl or another tool, enroll your own Platform Key, and sign your own stuff. You can even enroll Microsoft's KEKs and DB/DBX alongside your own and dual boot Windows without any issue.

# Note: for atomic distros and NixOS, check your distro's documentation.
# Set your UEFI into SetupMode by clearing the keys, and disabling Secure Boot

# Check you are in setup mode
sbctl status

# Create your keys
sbctl create-keys

# Enroll your keys, alongside Microsoft's KEK+DB
sbctl enroll-keys -m

# Sign all that needs to be signed
sbctl verify | sed -E 's|^.* (/.+) is not signed$|sbctl sign -s "\1"|e'

# Check everything is signed
sbctl verify

# Reboot, and re-enable secure boot
systemctl reboot

Your Linux bootloader does not need to be signed by Microsoft. You can use your own keys to sign your Linux bootloader, and Windows doesn't care. Windows doesn't care about the Platform Key, as they change depending on your motherboard/system manufacturer anyway, and it is common for business to deploy their own PK and set the firmware in DeployedMode as part of their harderning procedures. As long as Microsoft's KEKs, DB and DBX are installed, Windows will boot in Secure Boot just fine. You can have your own KEK and DB/DBX for your Linux install.

As long as you use a UEFI bootloader, you can configure Secure Boot. It just requires a little bit of elbow grease and an understanding of the key hierarchy.

I have a dual boot Arch Linux setup, with Secure Boot enabled on both my Linux and Windows installs. LUKS and Bitlocker are also both enabled (on their respective OS) and using a TPM-stored key.

most people won’t have an issue. The point is that some people will have an issue

When you make a choice to run an alternative operating system, you need to understand that not everything will work out of the box like Windows. As in everything in life when you don't go with "the default choice", there will be some friction involved.

Linux is not Windows.

If configuring your Linux install for Secure Boot is too much friction for you: then don't. You don't have to. You can toggle Secure Boot off when you use Linux, and re-enable it whenever you decide to boot in Windows. The setting in your BIOS is not immutable.

There are very good reasons why anti-cheats are now requiring Secure Boot, Measured Boot and HVCI. The requirement isn't coming out of nowhere, and it does provide tangible benefits in making cheating a less attractive proposition. It doesn't stop cheating completely, that would be impossible, but it makes cheats more costly to develop (requiring the use of a vulnerable signed driver that hasn't been blocked by Microsoft yet; a search that will have to be repeated when Microsoft will block the one they find), and makes the cost of getting caught cheating greater due to the use of the non-spoofable TPM EKpub as a hardware ID, requiring a cheater to purchase a new CPU if hardware banned.

While I understand that Secure Boot is not on by default on all machines, it has been a requirement by Microsoft for their hardware certification program since at least 2016.

Yes, there will be edge cases with users who built their own computers having misconfigured something along the way, or system integrators not providing compliant systems, but most systems out there have Secure Boot on, and that has been the case for close to a decade.