Ubuntu 12.10 is the first distro that supports the Secure Boot architecture by default. Canonical developers have spent a huge amount of time making sure that Ubuntu runs fine and without problems in all hardware. Steve Langasek, an Ubuntu developer has put forward a nice account in his blog, regarding how they are making Secure Boot supported.

The whole boot process follows two stages before handling the control to the kernel. The first stage includes a UEFI bootloader which is signed by Microsoft so that its recognizable in Secure Boot devices. If SecureBoot is not enabled on the device, the control is passed to the second stage straightaway. If its enabled, the signature is checked and if a match is found, the control is passed.

This is how SecureBoot is managed in Ubuntu and Fedora. Debian is still unclear as how they will manage SecureBoot.

The second stage features a GURB2 bootloader which does usual tasks as before. Earlier Canonical had plans to use a non GPL bootloader here, but they were thrashed.

Langasek says that they will backport the secure boot mechanism to Ubuntu 12.04 release as well, so that the LTS version can be installed in Secure Boot devices. So the next major service pack of Ubuntu Precise (12.04.2) will include support for SecureBoot.