I think it does.

Look at it this way: fastboot initializes so little in the firmware that it can hand off to the operating system in the hard disk / SSD almost immediately upon power on. The window to hit a modifier key to interrupt the initialization process is so small, it's essentially impossible.

If Linux has an Advanced Startup boot menu similar to Microsoft's, a user who is not able to boot into a distribution (either because of some kernel issues or other major problems) will see the OS attempting to boot a few times, give up and automatically throw up the Advanced Boot menu to offer troubleshooting options. Ditto for accessing the UEFI menu; if the keyboard is not going to be initialized by the firmware, an Advanced Boot menu provides an elegant way for a user to reboot the machine directly into the UEFI menu without having to hammer F2 / F10 / Del repeatedly on reboot.

Matthew just said in the previous page that someone was working on such a tool; I hope, and look forward, to seeing it eventually become a core component of any desktop Linux distribution. It also solves the whole 'each OEM machine has a different method for accessing the BIOS / UEFI menu' issue big time. Instead of having to dig out documentation on how to access the UEFI menu for each OEM machine, users just need to know 1 way to do it; reboot into it directly via the Advanced Boot option in the OS.

Or boutique notebook stores that specialize in high-specced, custom notebooks based off a stock Clevo chassis. I know there are many such shops in the West that sell high-end Clevo-based notebooks online.

I havent had a laptop with an optical drive ever. To me the CD has always been a backup solution when the USB stick fails no matter what computer Im using.

You refuse to sell out but have you taken any action to improve the situation with the manufacturers. Have you tried to get your own key embedded into their systems? See where the problem lies? You have to convince the manufacturers to add your key to their secureboot. If you are unwilling to take on that task, don't expect anyone else to. Otherwise you can optionally use the MS issued key.

I remember both Matthew and Bottomley saying that it is possible for a user to generate his own set of keys and certificates to enroll into the Secure Boot using a combination of OpenSSL and a signing tool which was recently made available on the OpenSUSE Build Service.

While the process is extremely complex and mistake-prone (i don't even understand half the instructions published), it does provide a way for savvy users to generate their own ring of trust around their own machines.

More importantly, if generating the keys and the certificates and getting them enrolled into Secure Boot at the UEFI level requires such a complex and mistake-prone process, it makes sense that no one else is willing to undertake the task.

That's not the issue here... The issue is that you are forced to accept the Windows EULA no matter what. You can't access the UEFI menu in any way before pressing the accept button. Otherwise it's all good, once you have access to the UEFI options, you can just as easily switch fast boot off.

USB thumbdrive is by far the most preferred way to install a linux distro. They are cheap reusable and far faster to install an os from than a cd or dvd. many popular distros such as ubuntu now only fit on a thumb drive or dvd.

It's not copyright protected intellectual property. I don't "rent" my computer. It's mine. I own it. I should be able to do what I want, when I want and how I want. There shouldnt be any kind of key at all. Period. There is no good reason for -anyone- to issue keys to allow me to boot. I should be able to boot whatever whenever and where ever. Period.

What? I haven't burned a Linux CD in years. I strictly use USB drives now.

And you can. Just turn off Secure Boot.

The thing that currently annoys me the most about Secure Boot is that it's difficult to fork distribution kernels now. I needed to do that for debugging purposes lately, and I had to edit the spec files for a while to disable the signing mechanism. Without that the fork just wouldn't build. I don't have Secure Boot to begin with, so signing the kernel is utterly useless to me, so this feels like a pointless hindrance at this point...

I do know better, but I find it more practical; since I installed Windows 8 on my desktop I can go from pressing the power button to having my desktop up/starting firefox in 30 seconds, whereas it took 4 solid minutes in Windows 7 (and that's after I cut out a lot of boot-time services).

It's not done in the same way, but it means I can start using my computer much more quickly. I've had no problems with this in the last 6 months.