As I understand the situation, it will be able to perform a *secure* boot of any signed OS that has the matching keys installed in the firmware.
If the motherboard manufacturer doesn't give you the option to enable a non-secure boot, then you won't be able to boot an unsigned OS, or signed OS that the firmware doesn't have the keys to validate.
I've also seen some discussion about the motherboard manufacturers providing the ability to update the installed keys in the firmware. With this option, you should be able to obtain a generic copy of a Linux (or any other OS) distro, sign it, and install the keys for cert into the firmware and then do a *secure* boot of that OS.
At this point claiming that this will prevent you from ever booting anything but Windows on a Windows PC appears to be FUD. It's possible that a manufacturer could design and ship a motherboard that only has the Windows keys installed, doesn't allow you to select the option of doing a non-secure boot, and doesn't have any provisions for updating the key collection. I'll leave it to you to speculate on the probability that a manufacturer would intentionally paint themselves into that corner.
Thanks for the interesting and thoughtful response. Sounds like you understand the problem domain as well as most in the industry, maybe better. Sounds like the industry hasn’t quite figured out where everything is going to land on this one. Will definitely keep an eye out. Thanks again.