According to Microsoft, secure boot is optional, you can turn it off at any time and there won’t be any problems running 3rd-party operating systems like Ubuntu, Mac OS X or whatever you want.
Microsoft recently answered questions regarding their secure UEFI boot loader option in Windows 8. It is a hardware side option within the UEFI firmware that allows for a secured booting environment where only signed OS’ can boot. This blocks a lot of malware that attack boot loaders. However, it also stops any unsigned OS’ from loading, including most of the current Linux flavors and FreeBSD. Microsoft’s Tony Mangefeste posted on the B8 Building Windows 8 blog saying that users will still be free to install any software of their choice.
Secure Boot Is An Option And It Can Be Turned Off, Says Microsoft
Tony made it clear in his blog post that the option to allow secure boot of Windows 8 is an option that is present within Windows to secure its booting process and protect the OS from a variety of malware. This type of hardened booting environment can however be turned off from within the UEFI if the hardware and the firmware manufacturer chooses to do so. Once turned off, the user can then boot any unsigned OS in to their hardware.
The message in the post was clear — the user is the one who ultimately retains control of the hardware. Microsoft is not mandating anything close to a hardware lock down. They have left it up to the OEM entities to decide for themselves whether they want to include the option of turning secure boot off. The UEFI group that manages the standard has so far not released any comments to the press regarding this matter.
The Importance Of Signed OS’ And Why It is Hard To Implement In Linux
Signed OS’ ensure that no malware can tamper with the OS in the boot environment. Any change in the lower levels of the OS will cause the authenticity to be violated and the OS will not boot at all.
Technically, it is quite possible to sign Linux OS. But since Linux is extremely de-centralized and open in nature, it will be very hard to implement. In addition to this, the kernel being a part of the boot will also have to signed and that poses a whole lot of complications for developers working on Linux.