Making UEFI Secure Boot work for you
Project: UEFI Secure Boot
The Linux Foundation and its technical advisory board have a long history of working with UEFI (and indirectly Microsoft) to ensure that Secure Boot would function in a way that Linux could take advantage of:
http://www.linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms
In particular, we foresaw the GPLv3 bootloader problem and crafted a solution whereby the user would always be able to take control of the platform and install their own secure boot keys (this solution is now mandated by Microsoft in their Windows 8 hardware certification requirements).
This talk will review the history and give the current state of play of Secure Boot on Linux (we know it works with Red Hat and Ubuntu, but what about all the other distributions?), paying particular attention to what the four secure variable databases actually are, what they can contain and how they all interact.
Finally, we will explain in detail how the end user can take full control of their platform, why this isn't as simple as throwing out Microsoft's key and installing your own, and what all the technical requirements are to achieve full PC platform ownership (including installing trust signatures of BIOS ROM drivers, creating additional EFI programmes for booting unsigned media and simply managing the secure variable databases).
James Bottomley
James Bottomley is CTO of Server Virtualisation at Parallels and Linux
Kernel maintainer of the SCSI subsystem, PA-RISC Linux and the 53c700
set of drivers. He has made contributions in the areas of x86
architecture and SMP, filesystems, storage and memory management and
coherency. He is currently a Director on the Board of the Linux
Foundation and Chair of its Technical Advisory Board. He was born and
grew up in the United Kingdom. He went to university at Cambridge in
1985 for both his undergraduate and doctoral degrees. He joined AT&T
Bell Labs in 1995 to work on Distributed Lock Manager technology for
clustering. In 1997 he moved to the LifeKeeper High Availability
project. In 2000 he helped found SteelEye Technology, Inc as Software
Architect and later as Vice President and CTO. He joined Novell in
2008 as a Distinguished Engineer at Novell's SUSE Labs and Parallels
in 2011.


