Matthew Garrett, the developer working for quite a while now on advancing SecureBoot for Linux, has written a blog post about the support state. The list basically comes down to:
- Ubuntu 12.10 x86_64 ships an older version of Shim that's been signed by Microsoft, so it should work out-of-the-box for most people.
- Fedora 18 isn't being released until early 2013, but it will have a Shim signed by Microsoft and it's newer than what's found in Ubuntu 12.10.
- Sabayon now supports UEFI Secure Boot out of the box.
- SUSE will be using a Microsoft-signed Shim, but there isn't a released version.
- Debian just picked up UEFI support into its installer but doesn't have SecureBoot handling for now.
Matthew also says that the Linux Foundation still hasn't received an officially signed copy of their boot-loader, for more on that see Linux Foundation Struggles With Microsoft UEFI Signing.