I'm interested in one that can more easily toggle between than the current ones seem to be set up to do.
Right, you want it as a boot-time hotkey kinda thing, rather than a flip-flop in the firmware configuration?
Dunno about that - doesn't seem too important to me. If you often need to dualboot between a legacy OS and a secureboot OS, you're probably enough of a power user that you don't need
SB, so just turn it off... but OK, we might not be able to legacy-boot Windows in the future. OK, that's a valid concern.
So, why not just shim-secureboot the legacy OS? (Or "real-secureboot" it after installing the right keys in your firmware)? You can leave SB enabled, and boot both whatever-restricted Windows as well as whatever other OS you've installed keys for? Sure, it's more work than now, but it's doable.
As long as Microsoft sticks to the things they've promised, and outlined in their current
Windows certification documents. And that ___is___ a big if, IMHO - and I don't take that for granted.
A) Techy people can go through some hoops to continue booting whatever Linux they like on their machine, stopping them complaining
Yup, on x86 anyway - ARM is locked.
And it's not that bad, hoop-wise (for now!). First off, even if you turn off Secure Boot, Win8 will keep booting as happily as it did with SB enabled - you'll just have a bit less system protection. (There's no guarantee that it'll keep behaving this way, though, and one could imagine DRM requiring SB enabled).
Toggling SB on/off depending on booted OS is somewhat annoying if you dualboot and change booted OS a lot. If that's a realy annoyance to you, keep SB enabled, and use a 3rd party SB-signed bootloader (like the Shim I've mentioned a gazillion times by now), and you won't have to disable SB even when booting legacy OSes. You'll be eschewing some safety by not booting a chain of fully trusted drivers, but that's fine with us developer types. And of course there's going to be linuxen around that actually do
have a fully verified boot chain.
B) Non-techy people have little chance to try anything but Windows on their machine, stopping Microsoft worrying
People who are brave enough to attempt installing <whatever> alternative OS - or even booting from a LiveCD - should have no trouble doing the additional tiny step of disabling Secure Boot (or trying a linux distro that has a signed bootloader). I really do not see the problems for this usecase.
Once again, however, I'll have to add the disclaimer that this is how things are looking right now, with the current Win8 logo certification guidelines, et cetera ad nauseam. We should all be weary and wary - but at the same time, we should stick to facts.