This is a step forward for most users and not a step backwards for any users. Sure, it would be better to let you enroll your own keys. But as it is you have more options than you have previously, and you as device owner are the only person who can decide between those options - attackers have no more options than they had previously.
Go, buy a Mac, choose freedom, you can do that.
Platforms like T2, which allow only on/off, but not key enrollments, are a step back.
I can't help but think that you're suffering from some kind of IT Stockholm Syndrome, however. Characterizing a secure boot option that only allows MacOS to be booted securely, (with no option to enroll your own keys) as "freedom" sounds to me like characterizing the 2002 Iraqi presidential referendum as a "free election".
Apple's agenda isn't aligned with user freedom. There's no place for the word "freedom" in characterizing Apple. They arguably have a user security and privacy agenda, but they have no user freedom agenda.
With T2: You can boot macOS securely, but everything else is still insecure.
If Apple had denied the option to disable secure boot, and didn't make any affordances to boot other OSes (albeit insecurely), we would indeed have lost freedom. The way they did it, we gained security within the macOS ecosystem without losing any freedom elsewhere.
You can't meaningfully characterize the 2002 Iraqi election as a loss of freedom. You can characterize it as a farce, sure. You can call it evidence that you had no freedom all along. (And if people want to say that the lack of user-enrolled secure boot has been a freedom problem with personal computers since forever, I will certainly agree with them.) But you can't meaningfully say, "We had more freedom before this election, and I want to go back to how things were." So arguments about giving up essential liberty and temporary safety just don't technically make sense. If you don't have essential liberty now, you certainly didn't have it before.
I also think that there will be some users who will choose freely to use macOS because they genuinely believe that's better for their computing freedom, and they're not manifestly wrong in reaching that conclusion (whereas I would be much more skeptical of someone saying "I voted for Saddam because I think he's going to do good things for the country"). As I mentioned there is no competent free software implementation of an OS secure against evil maid attacks, with secure boot and TPM-locked full disk encryption. You can, in theory, fiddle with tpm-tools and cryptsetup and shim (or coreboot?) and build something of your own; I've never seen anyone do it, and I've certainly not seen a distro that provides a one-click option in the installer to do it. macOS on a system with a T2 chip provides this out of the box. Windows with BitLocker does. Chrome OS does. (I suppose Chromium OS does, but doing binary builds of that seems at least as tricky as getting cryptsetup and tpm-tools working.) A user who decides to use a proprietary platform as a tradeoff for knowing that their machine is only running software they've chosen (even though their choices are limited) is not obviously making a mistake.
(I will admit that I have a Chromebook for secure stuff and a normal Debian stable laptop for everyday stuff, and I am considering the purchase of a Mac with a T2 chip, for roughly these reasons. I've wanted to figure out TrouSerS / tpm-tools for years but at this point it's clear I won't get around to it.)
Maybe. What happens when the check box goes away on a future version of MacOS? If my freedom depends entirely on an obscure checkbox rather than the ability to install my own keys, that seems like a thin reed to me.
