Could Canonical be leading its Users slowly into the abyss?

Personally I think signed operating systems are putting all their eggs in one basket when considering boot layer attack. Get attacked and your whole system will be non-loadable and unlikely to be repaired without special(costly) certificate access.