I’m in no way a Google fan boy (rather the opposite), but IMHO this is backwards.
We have a (at some levels) shits DRM because of Google providing a semi-secute DRM stack.
If you want to go full DRM, there is no way around a key store, so for most (user) linux installations unachievable.
Without widevine nobody would give a fuck about Linux DRM anyway and Netflix, Amazon and friends would be out of reach for “normal” Linux users.
That said: fuck DRM, fucking cancer.
Absolutely! You don’t get the former (keys) because you can’t get the later (secure render stack) as a “normal” Linux user.
That said, one thing you got technically(!!) wrong:
You can get a secured (stack) and certified (keys) Linux, if you close it up properly… Source: I worked a little bit on one of those, and yes, I’m ashamed, and yes, I’m expecting a bit of hell time for it… Was a fun task though.