[quote name='mhagain' timestamp='1341337524' post='4955369']There's already 2 Linux distros going to support secure boot and no reason why others can't follow. And part of the standard is that users must be able to disable it if desired, so no problem at all there.

As by the specification, the platform is initially in "setup mode", with no public key is installed. After the first public key half of the "platform owner" has been enrolled, it switches to "user mode". Except "platform owner" is really Microsoft, not you. It does not take any privileges or authentication to install their key, and that is just what Windows8 install does, without asking.

In "user mode", the platform only allows execution of signed software, and installation of public key halves that are signed by the already installed key. Which is a key controlled by Microsoft. You can clear the key by writing a zero key that again must be signed with the installed key. Which means you can only regain access to your computer if Microsoft lets you.
[/quote]

Are you talking about ARM or x86?

Are you talking about ARM or x86?

I'm talking about the Unified Extensible Firmware Interface Specification (version 2.1.3, somewhere around page 1450 or so), which is written irrespectively of ARM or x86.

Your question probably refers to the Open Enterprise article which cites a RTW of Windows Hardware Certification guidelines? This, if that is the final version of the document, and if manufacturers implement it, would at least lessen the evil somehow. Although disabling safe boot could temporarily work around the problem, it does not address the problem (nor is it a good workaround, it actually defeats the purpose). To remove the key, you still need a zero-key signed by Microsoft. Otherwise your motherboard is non-compliant.

Don't get me wrong, safe boot is a good thing, and it should be enabled. It's just that you should own the master key, since you're the owner. Heck, you paid for it.