Need more info: UEFI Secure Boot in Fedora

[Alan Cox]

>       If there are better options then we haven't found them. So, in all 
> probability, this is the approach we'll take. Our first stage bootloader 
> will be signed with a Microsoft key.

Why sign it at all. Also if the boot loader was signed it wouldn't be
allowed to load anything else unsigned at OS level or allow users to
install device drivers which might then take privileged control of the
system. So goodbye Nvidia driver for example. It also takes you into the
question at that point of whether a signed kernel with no key violates
GPLv2, which seems quite possible.

> will I need to pay $99 to use linux,etc.  what about other distros?
> I know will be speculating at this point but wondering what could be the 
> reprecussions if this method is taken?

The most recent state of affairs appears to be that for x86 (but *not*
at the last checkj ARM) devices it's a requirement of the windows 8 logo
and "secure" boot that it can be disabled just as things like the TC can.

What is needed then is to make sure its well documented and standardised
how people turn it off. This isn't just a Linux thing, its an old windows
thing, its a DOS thing, its a BSD thing, etc

As an end user the most effective thing anyone can do faced with a board
that has secure boot and it's not immediately obvious how to disable it
is to email and phone the suppliers tech support and pursue them
repeatedly until they give an answer. That will generally speaking exceed
their profit margin on the board by quite a bit so will make them very
keen to document it clearly for future users.

Alan