Geek-9PM: Here you go. This is from the official UEFI forum. This document discusses common misconceptions about secure boot:
http://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf
Excerpt:
What is UEFI Secure Boot, and how did it originate?
UEFI Secure Boot was created to enhance security in the pre-boot environment. UEFI Forum members developed
the UEFI specification, an interface framework that affords firmware, operating system and hardware providers a
defense against potential malware attacks. Without UEFI Secure Boot, malware developers can more easily take
advantage of several pre-boot attack points, including the system-embedded firmware itself, as well as the interval
between the firmware initiation and the loading of the operating system. Malware inserted at this point can
provide an environment in which an operating system—no matter how secure—cannot run safely. Secure Boot
helps firmware, operating system and hardware providers cooperate to thwart the efforts of malware developers.
Additional background on the intent of UEFI Secure Boot can be found in "UEFI Networking and Pre-OS
Security," published in the Intel Technology Journal [1].
What are the most common misperceptions about UEFI and UEFI Secure Boot?
Several misperceptions about UEFI Secure Boot, its intended uses, requirements and application exist within the
technology and end-user community. A few of the most common are outlined below and in greater depth
throughout this paper.
- False: “UEFI Secure Boot is an attempt to ‘lock’ platforms to software from specific vendors and block
operating systems and software from others.”
- False: “UEFI Secure Boot requires a TPM chip, as described by the Trusted Computing Group (TCG), and
TCG controls the UEFI specification.”
- False: “UEFI Secure Boot requires a specific implementation by computer manufacturers and operating
system vendors.”
Additionally, from my experience, if it is worth anything to you, I would like to give you this for thought. I am C3iO for a tech company which maintains a laptop user base of roughly 1200 machines. By our company policy, we will reimburse, within boundaries, each user's laptop and OS purchase, instead of the company forcing one onto them, as long as they are able to support the Unix/Linux based work environment (yes, even Windows laptops are welcome). By current count, 68% are Linux/Unix installations, the rest being MacOS or Windows. 97% of all have been purchased within the last two years and those, if not Macs, all came with UEFI & secure boot as default settings.
All have been reinstalled, since we do not allow factory installs. The variety is across the board: Asus, Lenovo, Samsung, Dell, you name it. The number of laptops we could not reinstall with a different OS is 0 (zero)!
Geek-9PM, whatever you read on the internet and apparently believe is not supported by any official documentation, nor reality. I know there have been scare reports and confusion in the early days of the secure boot announcements, until the clarification thereof. I urge you to show me any laptop (not RT, tablet, or army spec model) on sale these days which cannot install any compatible OS (I mean HW compatible OS, not secure boot compatible!) on it by means of disabling secure boot or enabling legacy boot (for a non-UEFI OS).
Also, as advice towards efficiency, you are perhaps better off maintaining a list of unsupported machines.