It seem that from what I've interpreted, it's absolute hardware/OS lock-in. Windows and windows only on the system, unless somehow the hardware vendors resist the bullying, which never lasts long.
As a genuine desktop linux enthusiast since Slackware 9, I've never used Linux in spite of another operating system, but this makes me sick. I've never been motivated to call...I don't know who...my local congressman?? LOL. This, whether or not it's legal, or will even gain traction with system sellers, is absolutely ridiculous!!!
Is there an actual possibility that I will not be able to choose what I run on my computer? I mean honestly, those that don't buy into it know full well that they will be able to charge a premium for freedium!
If I'm way off here, I'm sorry. But this just...pisses me off!
The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys. Another set of keys (Pkek) permits communication between an OS and the firmware. An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist. Binaries signed with a blacklisted key will not load.
This impacts both software and hardware vendors. An OS vendor cannot boot their software on a system unless it's signed with a key that's included in the system firmware. A hardware vendor cannot run their hardware inside the EFI environment unless their drivers are signed with a key that's included in the system firmware.
Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.