[citation][nom]back_by_demand[/nom]Here's the thing, why don't they wait until these new SecureBoot systems are in place, then modify the next version of the distro to be compliant with the required standards?Wringing your hands that you are unable to install a 5 year old version of Ubuntu on a cutting edge bit of secure hardware is a bit of a stretch isn't it? Work with the industry, not against it.[/citation]
I'm afraid you (and a lot of the posters here) don't understand the issue. There is no "standard" to be compliant with. The UEFI will contain a public key of Microsoft's. Windows 8 boot files will be signed with the private key of Microsoft's. Some mathematical magic gets done, and if the the proper results on the boot file aren't obtained, it is not allowed to boot. Think of it like a checksum.
These machines will ship with Microsoft's key in the UEFI. That means that boot files that aren't signed with Microsoft's key simply can't boot on the machine. This includes all older versions of Windows! (Which is probably the secret secondary reason Microsoft loves secure boot - Win7 can't become the new XP if Win8 becomes the new Vista).
If the system's motherboard doesn't give the user the ability to turn secure boot off, they can't boot Linux, Windows XP or anything else other than Windows 8 or above. If the user can't change the key(s) in the UEFI, they can't even add keys from Linux vendors like Canonical, Red Hat or Attachmate even if they decided to sign their OS boot files too.
Now do you see the problem?
Here's a key point to consider: Microsoft could not have missed this fact when deciding to require secure boot for Windows 8 logo certification (in effect, forcing all OEMs to include it or perish in the marketplace). If their intentions were solely about protecting Windows from viruses, they could have added the requirement for either secure boot to be turned off and/or the user to add additional keys into the logo requirement. They chose not to. That alone sends a wink-wink, nudge-nudge to OEMs about whether Microsoft wants them to include those features or not. The fact that Microsoft's replies about this issue have been incredibly coy, batting eyelashes and big smirks on their faces as they say they're simply giving maximum freedom to OEMs and complaining that others want PCs to have rootkits also diminishes the benefit of the doubt many initially afforded them. Again, I don't think the motivation is Linux; it's forced upgrade cycles (buy a new PC, be forced to use Win8 and Metro UI because secure boot won't let Win7 run on it - which they can also smirk and wink about and blame the OEM when it happens).
As ZDNet's Adrian Kingsley-Hughes has pointed out, OEMs often do inexplicable things with their BIOSes, including disabling virtual machine extensions with no ability to turn them on in the BIOS. Anyone who has a laptop can probably attest to the fact that most offer unbelievably paltry BIOS settings. Adrian rightly argues that regardless of your OS of choice, you should be able to use the OS you want on a PC you buy, and although he is an (up-to-date version of) Windows user, he signed the petition.
This isn't about fanboyism, and it isn't about secure boot (which is actually a nice feature). It's about giving up control about what can boot on your system (including drivers) to another company. All of the claims that "OEMs surely won't..." are just that... claims, hopes and wishes. It'll be too late if and when major OEMs ship PCs with secure boot locked on with unchangeable keys. All users need to speak up now and let OEMs know that they won't purchase systems where secure boot can't be turned off or keys can't be changed. This is about control over your own hardware, a cause I'd think the techno-geniuses that read Tom's could all get behind. Please sign this petition (and more importantly, agree not to support OEMs that don't allow end users OS/driver freedom).