218
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
(www.welivesecurity.com)
This is a most excellent place for technology news and articles.
Secure boot does have a revocation mechanism (It's literally how this issue has been mitigated) though.
You can not only load in allowed signatures, you can also load in disallowed ones so even properly signed binaries will get rejected.