Let's say I got a notebook with a new AMD/Nvidia graphics card which I intend to run with the graphics driver blobs (fglrx and ForceWare) and a Broadcom wifi card which is only supported by the proprietary wl driver.
How will these blobs get signed? During the installation process? Or are there any tricks / hoops to jump through so that the installation will go through and the modules loaded properly?
Anyway, this support in the kernel is just another feature. Just like other security features, they can be used to lock down what users can do. The real threat to this comes from the Motherboard/BIOS, if we can't load our own keys into it. If we can do that, then we can always just recompile the Linux Kernel.
I wonder if this is to secure computers to make it more secure or to lock down appliances to prevent consumers from fiddling with 'em.
Both. The same technology that allows you to prevent strangers, employees, kids, malware, or whatever from tampering with kernel modules allows the manufacturer to do the same if they control the boot chain from the earliest level (it's what some of them have been doing for a long time anyway).
Also see what gQuigs says / links to (although this can be used & abused on systems without BIOS or UEFI too).