You haven't read any of my previous posts, as I already explained that a system with (x86) UEFI Secure Boot can trivially be made to boot with any other OS. Without even booting win8 once.

And, the entire Secure Boot process is extremely transparent, but I'm not going to repeat all the public information that is already out there.

For reference, please read mjg59's blog, or James Bottomley's blog posts. It points out all the holes in your post above, and provides you with real information on how to do what you think you can't. I've posted links in another post in this thread.

There -are- boards on sale today that don't have configuration options to disable Secureboot. Telling people that they can simply disable Secureboot only covers the fringe cases.. You know the rare edge cases. Like I said we arent specifically dealing with enthusiast class users here. Secureboot -is- a major issue for average users. You try explaining to someone why they can't boot up to the liveDVD they just downloaded and then tell them they need to disable Secureboot by configuring the firmware options and they will laugh at you and ask how much is it going to cost them.

I'll admit that the majority of the people you'll find posting on this forum probably won't have much difficulty. But thats the whole problem. It doesnt stop people who know what they are doing. It only hurts legitimate users who don't know what they are doing. And lets just admit thats the vast majority of people.

Its the typical restriction management crap.

Can you list boards (x86, I'm not talking about ARM) that have this?

Such as?

Why would they need to disable Secure Boot? There's no excuse for distributions not to support it now.

"You could also (assuming you never plan to boot windows) delete all the microsoft keys from the system. Beware if you decide to do this that some of your UEFI drivers may be signed by microsoft keys, and removing them all may limit the functionality of your UEFI platform. Additionally, any UEFI update to your system is also likely to come signed with the microsoft keys, however, in this case you can put the Microsoft keys back before doing the update."

You simply include the hashes of the UEFI drivers in your whitelist. I don't know why James thinks firmware updates are likely to be signed with the Microsoft key - I've seen no evidence to support that so far.

Is that really all you need to do? Inform the existing OS that you're about to replace it?

Actually brass tacks, if you buy a Windows 8 Secure booted up the wahoozie laptop what are the actual steps to install, say, Ubuntu.
That's got to be a common use case.

Forget the ethics for a moment.
Assume no contact with Microsoft or between Microsoft and Canonical.

What are the steps?

One very big part of secure data/system is that you can use your system and get access to your data.

And windows is far from being a monopoly of ARM systems, and just about everyone in the ARM space locks their bootloader in some manner or another.

The idea of a car which would only accept gasoline made by SHELL is absurd. And if you did not know it, there are tons of laws saying what corporations can do and what they can't do. No company is free to do whatever they want - and ?$ should never be an exception to this.

There are tons of used computers in the world. People should be able to install whatever OS on those computer they can legally install. That is what people should be able to do. If they can only install ?$ on those computers, then the result is very insecure system in many ways.

If GNU/Linux would have 98% share of all computers having preinstalled OS, then, I might have hard time to resist the dark side but rather yell and demand "GIVE US 'SECURE' BOOT authorized by the Big Penguin and give it now!"

Could be so much fun to say "no, sorry, it is impossible to install ?$ in that. There should be a switch in BIOS making it possible, but for some very strange reason there is none, and even if the switch would be there it would be very hard and time consuming thing to do so much so that an expert would be needed for it."