there are options, ready, able and willing
There are ways to make rooted, open bootloader computers, not just for devs, but computers that reach the mainstream and make it so Debian doesn't have to compromise at the core. We've been working at OEM level for a few years and are hoping to keep traction through upcoming years. It's actually not that hard to do runs of computers at OEM level, but it is a pain to do the distribution chain part of the equation (shipping, admin types of things).
Read Cory Doctorow's input on it: http://boingboing.net/2012/07/06/zar...company-w.html
The tools are available. We just need to find a way to make it work. On our end, we need to find a way to motivate Debian devs to help us out. We're on a ridiculously tight budget and already run on the fuel of volunteers in our core team (some, not all). We'll keep doing the best we can and if Debian wants to keep it open, we're here to support on the hardware end.
Personally, I'd love to see Debian thrive. There's a really nice Debian community guy that talks to us at nearly every conference, encouraging us to do more work to support Debian on our machines. We need a bit more dev support & it would be a Go.
There's no reason to sell out when there are options.
--Cathy Malmrose, CEO ZaReason
zareason.com North America
I see this as an opportunity
I am assuming signing means certificate. With that as an assumption and yes I'll need to read more. My thoughts are with all the cert vendors getting hacked I don't believe this is for security. M$ does not work and play well with others, I'm a windows admin as a primary role, however over the years I do not agree with M$ "business" practices. I did not like "activation" and I certainly do not like what they have done with their latest versions of their OS. 2008 R2, 7 and now 8 they are taking more control away from the end user end of story. I also see them snooping into what you have on your machine I.E. go look at any task in the task scheduler, now go and disable it. It will not disable UNTIL you have the trigger turned off or you delete the task outright.
So with all that said and yes I have a long list of WTFOs that I could list, but I'm not going to. These reasons are why I moved over to Linux. I have control over what the machine will do, I also have control over being able to develop things to do what I want. Freedom was what I was looking for and M$ has chipped away at those freedoms over the course of my career.
So back on topic. I do not see this UEFI/Secureboot thing as a needed thing to implement. OEMs should outright say no to this and who cares if they don't get a "sticker" (I'm reminded of star belly sneeches here.) I see two possible issues:
1. Lock out of the HW for other OSes. (It will happen)
2. A great way to render a windows PC useless by messing with the key or hacking it and placing another key there.
So this is an opportunity for those that have the money to start building their own hardware that is open and not influenced by M$. I think Ubuntu would have that kind of money, but I would hope others would as well. Furthermore I think if the OEMs had any sort of clue they would build out systems or work with their component vendors to provide open hardware where this "feature" is not even on the board. A vendor fork if you will.
I only have one windows machine in the house and 7 is the last M$ OS that will be on it. It's only purpose is to run windows apps that will have trouble on the dated HW that Linux now runs on. If the end user base had any inkling of how difficult M$ has made things they'd be switching to somthing else.