I think it's quite amazing and sad that these companies, the "good guys" in this matter (if we oversimplify and consider the whole of the free software community as a single unit), are forced to work around their own license designed to prevent precisely this problem. I hope the FSF is right here -- my understanding of the situation is that they are. This is what I wrote on Google+<https://plus.google.com/u/0/108688191891412975833/posts/VxEgXWxrZ9Q> : Key quotes: *"the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right, this requirement was a reversal from Microsoft’s initial public position, ... Microsoft has demonstrated that they can’t be trusted. While we are interpreting their current guidelines, we must keep in mind that they could change their mind again in the future and expand the ARM restrictions to more kinds of systems."* *"Machines sold as “Ubuntu Certified,” preinstalled with Ubuntu, will have an Ubuntu-specific key, generated by Canonical, in their firmware. Additionally, they will be required by the certification guidelines to have the Microsoft key installed."* What? How did these terms get so skewed in Microsoft's favour that even in the very small market for "PCs sold with operating systems other than Windows," the manufacturer still needs to make it possible to install Windows? Crucially: *"[Canonical] plan[s] to drop GRUB 2 on Secure Boot systems, in favor of another bootloader with a different license that lacks GPLv3’s protections for user freedom. Their stated concern is that someone might ship an Ubuntu Certified machine with Restricted Boot (where the user cannot disable it). In order to comply with GPLv3, Ubuntu thinks it would then have to divulge its private key so that users could sign and install modified software on the restricted system.* *"This fear is unfounded and based on a misunderstanding of GPLv3. ... In such situations, the computer distributor – not Canonical or Ubuntu – would be the one responsible for providing the information necessary for users to run modified versions of the software."* I agree with the FSF here and I think their point is very important. The *entire point* of the GPLv3 and GRUB 2's usage of it (GRUB is owned by the FSF) was to prevent *precisely* this problem: a computer manufacturer distributing a Restricted Boot device that prevents the user from modifying the installed software. If Ubuntu uses GRUB 2, they do not put themselves in danger, and send a clear message to computer manufacturers: *if you distribute a computer pre-installed with Ubuntu and prevent users from disabling Secure Boot, then you violate the license.* If Ubuntu switches to a less restrictive boot loader, then they send an equally clear message: *feel free to restrict our users' freedom to install any operating system other than Canonical's official Ubuntu or Microsoft Windows.*