Original article by Paul Castagnino, first published on usemoslinux.blogspot.it in spanish
Secure Boot is a type of mechanism that verifies that the code executed is digitally signed. Thus the computer can only boot an operating system that has a bootloader properly signed. This is a requirement that Microsoft asked to put on computers the badge “Windows 8 Certified”. This request by Microsoft has split the waters among the major Linux distributions , find out why.
The position of Red Hat and Fedora: in this the alternative that sound “less bad”?
As discussed in detail a few days ago, about boot loader approved by Microsoft, Red Hat will choose to use a Microsoft service called Sysdev (paying $99 for the registration), while money in the end will go VeriSign. This seems to imply that any GNU/Linux could use the same key, no doubt an act of great charity by Red Hat. The cost is not important, is only $ 99US, but that principle is not the reason which took the GNU/Linux far away from Microsoft all this time?
The position of Canonical and Ubuntu does not depend from Microsoft
Canonical, which is present in UEFI Forum, has generated a key for Ubuntu itself, thus avoiding having to use a Microsoft, as proposed by Red Hat. The fundamental difference between the proposal of Ubuntu and Microsoft is that there would be no evidence of Canonical offers services for key creation. A system that has the Ubuntu key can only run Ubuntu unless, of course, the user disable Secure Boot or add other keys to UEFI. With this in mind, Canonical is already working on a replacement for GRUB 2 because apparently would create legal problems because of the GPLv3.
Do not use Secure Boot: the best solution
Perhaps the best option is to not use Secure Boot at all, although this will require to change an option in the BIOS, which can scare many rookies in their move to Linux. But to be completely honest, that same is already true today for users that want to run Linux from a LiveCD or LiveUSB.