The free software foundation has started a campaign to prevent restricted boot from becoming an industry standard in hardware. If you were living under a rock lately, restricted boot is exactly the kind of evil that will kill the PC, as we know it. Restricted boot is being sold as UEFI and although it is marketed as a security feature, it is a well-devised mechanism to create a vendor lock-in for Windows 8. That means, if your PC is secured with UEFI 2.2, you will not be able to install any operating system whose bootloader is not signed.
Although the original EFI specification was developed by Intel, it was done with the Windows OS in mind. With this move, custom kernels will be a thing of the past, as the kernel must be signed with the developer’s private key and the OEM should ship its PC with the required key alongside the Microsoft key.
Currently, the campaign by FSF has gathered 40,000 signers who support the FSF in this movement, and want to rid the world of this evil. The campaign’s appeal page goes here, and it outlines plans for the next year.
Currently, Ubuntu Linux 12.10 supports UEFI secure boot by loading GRUB though a workaround, and then proceeding with the boot. Beside this workaround, Canonical also has its private key, which will be used on certified OEM PCs. From what it seems, you need to be a big corporation to be able to fiddle with an x86 PC now.
The Linux Foundation also announced back in October that it would start working on its own version of a minimal UEFI bootloader signed with Microsoft’s key. However, it is still waiting for Microsoft to give them a signed pre-bootloader.