It’s very early, but this might be worth freaking out about.
This was discovered by Linux developer Matthew Garrett, who’s been doing a lot of work with EFI booting in general for his day job. Recent UEFI specifications have allowed for “secure boot” that requires an OS to have a signed key in system firmware to work.
Microsoft is requiring (PowerPoint) that OEMs ship client systems with the secure boot enabled to get the Windows 8 logo. Of course, all major OEMs are going to want the Windows 8 logo. In short, a vendor like Dell would ship systems that recognize the OSes that Dell offers. That would mean whatever Windows versions that are offered by Dell would be properly signed. Other OSes – even retail versions of Windows 8 – wouldn’t necessarily be signed to run on the systems.
…
The secure boot requirement is already raising eyebrows in the Linux community. As planned, machines that would conform to the logo requirements for Windows 8 (read: virtually any system you would buy from Dell, Asus and so on) would not boot Linux.
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims
I’ve long advocated a dual approach to the ‘tubes: down-to-the-hardware security for commerce, and let everyone else be the wild west if they want.
MS had their pee-pee whacked for requiring OEMs to pay for Windows even if they shipped with an alternate OS. But I wonder if nowadays it is moot: in a word, VM.
Security is great, but if you own the machine, you should be able to do whatever you want to it and not forced to run Linux in a VM.