Mathew Garret of Red Hat, announced that Fedora 18 will be signed by Microsoft to ensure compatibility with systems with UEFI Secure Boot.
As we had earlier reported, one of the requirements for Windows 8 certification is the UEFI Secure Boot. UEFI Secure Boot is a good idea from a security point of view as it prevents the system from booting if there are unauthorized changes in the software running on it. However, it creates a problem for the many Linux distributions as they have to ensure that the OEMs ships their hardware with their signing code. Otherwise, users will have to manually disable UEFI Secure Boot to install their distribution - hardly a viable option when you have beginners using your distribution.
Microsoft's signing service charges $99 and once signed, it ensures that your code can run on all Windows 8 certified systems. This will ensure that users will be able to install Fedora as before without the need to tinker with the firmware to disable the UEFI Secure Boot to install Fedora.
it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.
Using Microsoft's signing service is not the only option - it just is the most practical one. In theory, Fedora can produce their own key and contact the OEMs to include their key with the systems they ship. But, this will mean that Fedora has to contact every OEMs and ensure the inclusion of the keys. This is not something that is very practical.
Getting Microsoft involved will obviously be not welcomed by everyone and issues regarding software freedom will be raised. But the reality is that because of the market share that Windows command, UEFI Secure Boot is here to stay and the Linux distributions have to adopt it.