In an article by Sam Varghese in iTWire, Linux users will find Microsoft’s current advice to Windows 10 OEMs regarding UEFI Secure Boot welcome news. More information here:
[iTWire article aside, more welcome news would be if OEMs would build consumer Linux devices with Secure Boot working directly with them, without Microsoft PKI/CA/keys, in some of their models. Intel and SuSE demonstrated this at IDF2013, yet no consumer devices are available, AFAIK.
Even more welcome news would be offering Coreboot as an option, including new Coreboot support in UEFI as PI component.
Even more news would be providing systems where owners could build and update their own firmware, from tianocore.org and coreboot.org code, along with any new drivers from the OEM, and have a firmware update mechanism for local owner-users, not only beg for updates from vendors.
But I guess I should simply be happy that Microsoft is permitting Windows OEMs to still let users install software on the HW/FW/SW that we don’t actually own/control. 🙂 –ed]
Firmware Security 