The final release criterion for Fedora 23 Windows dual boot has an
exemption that reads:
The bootloader entry part of this criterion does not apply when Secure
Boot is enabled (because it has not yet been made to work, and fixing
it is not trivial). cases.
I don't know the provenance of this exemption, but this bug explains
the problem and work around. The gist is that openSUSE has a patch to
avoid using LoadImage so that GRUB can chainload the Windows
bootloader with Secure Boot enabled, and it's been working for years.
The ideal scenario is to fix the problem with LoadImage, but I think
in the meantime it's better to have the work around rather than users
being told to disable Secure Boot.
So I'm wondering if the WG can take this up at their next meeting and
decide when this exemption should be removed.