Why would Linux accept patches from Oracle? Oracle is just going to sue them for using their intellectual property. They've fully established they hate it when anyone uses their products, just like how AT&T wanted nothing more than for nobody to ever use UNIX.

How is Trenchboot different to UEFI Secure Boot?

On my UEFI computer the only keys installed are from Microsoft and Ubuntu boots with keys signed from Microsoft, so I can't run the daily kernel builds without disabling UEFI Secure Boot.
There seems to be no way to disable a key without deleting it.
It is not obvious how to install keys, nor does it seem to exist any tool that does it for you without you doing it manually from the UEFI setup screen. I am not aware of any manufacturer or operating system or distribution with their own keys.

Considering all the Meltdown, Spectre, and related vulnerabilities in CPUs, I don't really feel like any of this secure/trusted boot technology makes me feel any more secure.

Oh noes. My poor, poor BTRFS root.

Trenchboot required hardware validation, and a TPM, but can verify every part of the boot process including config files and initrd.

If I recall correctly with secure boot, custom keys are possible, but you essentially need to restart of certificate chain with your own PEK.

And I agree regarding meltdown, it's like double deadbolts on the front door while the basement window is unlocked and cracked open.