
Aren't the only systems that are "required" to have UEFI Secure Boot--and to prevent end user disabling of this setting--based on ARM? I was under the impression that nothing had changed for the x86 architecture.


x86 vendors that want to qualify for the "Designed for Windows 8" logo program have to include UEFI secure boot and enable it by default, though they can allow users to disable it or install their own keys. That creates an extra hoop to jump through to install anything other than Windows 8.

ARM systems designed for Windows 8 have the same requirement, and additionally must not allow users to disable it or install their own keys.


>though they can allow users to disable it or install their own keys

Prior to the launch, Microsoft said it was actually required that vendors allow Secure Boot to be disabled on x86.


Other way around: the original spec did not require vendors to support disabling UEFI secure boot or using "custom mode" (meaning installing your own key). See http://mjg59.livejournal.com/139232.html for one reference to that: "Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option."

Microsoft changed the spec in the wake of the controversy around UEFI secure boot. The current version of the spec (available from http://msdn.microsoft.com/en-us/library/windows/hardware/hh7...) does mandate the ability to use custom mode or disable UEFI secure boot, for non-ARM systems only.


x86 vendors must allow users to disable UEFI secure boot to qualify for the certificate.


My motherboard (a Gigabyte Z77X-D3H) has had Secure Boot added through a firmware update. It allows me to disable Secure Boot, and lets me import custom keys.


How do you upgrade firmware? My computer has one of those checks that looks for "windows" in the boot string. I just want to rip it out.


My motherboard offers a firmware update tool during boot. It can read firmware images from a FAT32-formatted USB drive.


Does it allow MS/other keys to be deleted?


"Despite the best efforts of Fedora, openSUSE, Ubuntu, and the Linux Foundation, booting Linux on UEFI Secure Boot Windows 8 PCs continues to be a problem. The easiest way to avoid Windows 8 lock-in is to disable UEFI Secure Boot from your system before it starts to boot. However, this option may not be available on all motherboards; isn't available at all on Windows RT devices, such as the Surface;"

There are also more hoops the Linux vendors have to jump through that are explained in the article:

http://www.zdnet.com/linux-foundation-uefi-secure-boot-key-f...

Also, what I didn't understand myself - is the $99 Fedora has to pay for the key just something they have to pay once? Or do they have to pay $99 for every single machine? Because that would be pretty ridiculous if Microsoft managed to make Linux as expensive as Windows licenses, through UEFI.


The $99 is a one-time fee... but frankly even that is absurd. Why should Fedora pay Microsoft so that I can use my presumably IBM-compatible Dell PC? It is madness.


They could also sue all manufacturers for anti-competitiveness for not allowing Linux to be run.

But I think the $99 is cheaper and better (given what some idiot BIOS developers do - remember (IIRC) one link here on HN where the BIOS would look for 'Microsoft Windows' or 'Red Hat Linux' on boot entries?)


This is not only occasional but common. ACPI tables are notoriously broken in many BIOSes and Linux in fact has to do a bunch of horrible workarounds in order to get working tables regularly.


Maybe the $99 is a way to establish that a contract has been agreed on.


Yeah, but why does Fedora need a contract with Microsoft to use a Dell computer, or a generic computer built from parts?


I'm sorry, but what does IBM compatibility even mean anymore?


Think of it as a philosophy towards consumer computing hardware.


It just sounds so anachronistic. IBM hasn't been really involved in PCs for over 15 years.



