I believe they only provide public keys. That means you can confirm something is signed by Apple, but you cannot sign something with their certificate (Apple keeps the private keys under lock and key, otherwise people could create malicious software and make it all appear like it came from Apple, where it's really virus-laden malware that'll harvest all your data and steal you credit card numbers, etc).
Private key: I generate something and sign it with the private key. Public key: I confirm it was signed by the author.
The T2's problem with Linux is that they aren't trusting Linux distributors' CA or Linux distributors aren't using signing so it won't accept software not signed. I've heard you can boot but not access the built in SSD to install Linux. Alternatively, you can just use virtualization (so you're running MacOS but a Linux virtual machine can run inside MacOS so you have access to the software you need, but it's not perfect, it slows things down, MacOS doesn't have pass-through GPU capability, etc).