This kind of behavior by Microsoft makes Ubuntu a necessary evil.

Pay close attention to what Microsoft is actually saying ...

(1) If you are running Windows-8 on the machine, Microsoft wants to be certain (basically...) that a rootkit can't too-easily be running underneath it. They want their system to be the only OS that can run on that machine, so that the protections afforded by the operating system can't be "root-kitted."

(2) If you are not running that system, "it's your computer ... do as you like."

Nevertheless: "Root-kit defense" is a legitimate concern that by-the-way is shared by every operating system that's used in a commercial environment ... not just MS-Windows. Secure boot, and its various brethren, are technologies that were created in response to customer demand. They are not designed to "lock you into Microsoft," but rather to "lock you in to the system that you intend to be booting on this hardware, at the exclusion of any others." Such a system has to have "teeth."

Sometimes that night-time sysop turns out to be an industrial spy, and if "all he needs is a Knoppix DVD in his back-pocket," your entire computer center is basically defenseless. And that won't pass muster with, say, HIPAA, or Sarbanes-Oxeley, or ... Therefore, this boot-lock technology is being adapted to Linux deployments, too. Apple's busy with it also. An industry-standard consensus will emerge, be-cause it is legitimately needed.

1 members found this post helpful.

I agree. This ends up being another step in proper security administration. Who wants a virus/malware/rootkit anyway?

I predict that HOWTOs for doing this on Arch/Slackware/Gentoo/Debian/whatever will be all over the Internet once people actually get some secure-boot Win8 PCs to play with.

Furthermore, a distribution maker who wants to do what Redhat did (sign with a Microsoft key) just needs to pay $99 to Verisign. That's a one-time fee. Pat Volkerding can fund that by selling what, two Slackware DVDs? As far as I can tell, Redhat did the right thing.

Finally, newbiesforever's Dad can avoid the problem entirely just by having his computer built by a local PC shop, instead of buying a prefab Dell/Acer/Alienware/whatever PC. He can then specify that he wants it with Windows 8 installed and secure boot turned off. Or that he wants Windows 7 instead. Or that he'll take it without an OS.

If the issue was too complex for most linux users, even big name companies would still sell open systems just for this use. Motherboard companies would not allow locked systems to ruin their business and would offer easier to boot to models.

I'm not sure it's too complex for most Linux users, but it might be too complex for enough Linux users that large companies will adjust. I think I can handle these solutions being discussed, but...I don't want to, and really don't have the energy right now. And I'm not even a newbie user who might say "What's, like, a signing key?"

I have nothing against NEEDING a key
BUT I WANT TO USE THE KEY I MAKE

and be able to sign MY own drivers

and hold the keys TO MY SYSTEM

i DO not want to really on some other company that DOSE NOT have MY interests in mine

... and you can fully expect that this will be the way that things actually turn out. In the real world, no one is ever going to consent to "MIcrosot Corporation holds the keys to the kingdom."