21 May 2013

Posted by Syn Waker on February 12, 2013

We all knew this day would come: the day when The Linux Foundation finally got a Microsoft-signed bootloader that can be used on new hardware shipped with Windows 8, such as the new ultrabooks and desktop PCs.

But if the big Linux distributions like Ubuntu and Fedora got their UEFI support from Microsoft, and the small distributions got the Shim bootloader, is this a big deal?

Actually it is a big deal, because a Microsoft-signed bootloader from The Linux Foundation means there will be a universal and more user-friendly solution to this UEFI babble. If you would rather try out the new Linux Foundation Secure Boot System now than wait for a stable and user-friendly implementation, you can go here and grab the .EFI files. However, you may notice that the KeyTool.efi file is missing; its absence is apparently caused by an exploitable bug that can compromise the whole UEFI security system:

"Originally this (the KeyTool.efi file) was going to be part of our signed release kit. However, during testing Microsoft discovered that because of a bug in one of the UEFI platforms, it could be used to remove the platform key programmatically, which would rather subvert the UEFI security system. Until we can resolve this (we’ve now got the particular vendor in the loop), they declined to sign KeyTool.efi although you can, of course, authorize it by hash in the MOK variables if you want to run it."

So basically, we are on the right track to simplify the "unlocking" process of the UEFI bootloader so the inexperienced Linux user can properly enjoy the open-source experience on his shiny new ultrabook :). How long do you think it will take to get it right?
