The concept that "the Linux community" could sign a bootloader doesn't seem reasonable to me, and this is a central issue I take with this design. Certificates are basically a "proof of origin" that aligns rather poorly with an ecosystem that is, by its very nature, decentralized. Red Hat could have a certificate. GNU probably could. Maybe all the distros could, individually. But since nobody really owns the source code, and it's problematic to assume anyone owns the binaries as well, signing binaries is just not a sensible approach.
As a Gentoo user, the only binaries I get from my distro are the ones used to boot the live CD for installation. I can then choose to either proceed with a base OS underlay, precompiled (a "stage 3" install), or start from scratch and generate every byte of executable code starting with the C libraries, build system, etc. Either way, GRUB is not delivered as a precompiled package, it's delivered as source. So I would have to be able to sign the resulting binary with "Linux's" key, or go to all the trouble of standing up my own self-signed PKI and exporting that to the UEFI keychain. It's not impossible, so long as the UEFI implementation continues to allow importing new keys, but what am I getting from this?
I really take no issue with UEFI shipping with a handful of root certificates, and identifying the vendor of signed boot loaders through delegation -- ala SSL. I don't necessarily take issue with having, as someone else put it, a mandated spec enforcing the OPTION to refuse to boot unsigned code. I'm also not against the option of requesting the user to authorize booting code that is not signed by a known certificate chain, and then automatically importing its certificate (even self-signed!) and then, on future boots, verifying that certificate has not changed. That would accomplish every bit of the "anti-tampering" goal, and proivide all the claimed benefits the FSF did acknowledge, without taking the authority away from end users.
And, yes, it's very similar to what happens today. Similar, but not exactly the same. The emphasis of today's scheme is the default behavior, and the ambiguity over the future direction of the technology. You chalk up the "there are no guarantees" thing to an apples-to-oranges comparison to life in general, but the reality is, yes there certainly are guarantees. Specifications, roadmaps, and charters, for example. That's not to say nobody has ever broken those promises, but at least there's a good-faith effort to dictate how it will and will not be used to affect choice and market strategies.
I lost all trust in Microsoft when BeOS and Linux both got kicked out of the OEM market because Microsoft strong-armed vendors into staying loyal to Microsoft. The Windows license required using the Window boot loader to remain compliant. The boot loader could not legally (and not even technically, without resorting to shenanigans) be used to boot other OSes. Ergo, the only OS that can be installed is Windows. I do not trust them.