Matthew Garrett has posted a summary of currently-known
with UEFI-based machines and Linux. "Some Lenovos will
only boot Windows or Red Hat Enterprise Linux. I recommend drinking,
because as far as I know they haven't actually got around to doing anything
useful about this yet.
Meanwhile, James Bottomley has put up a
report on his work with the Linux Foundation's secure boot loader.
"The upshot of all of this is you can now use Pre-BootLoader with
Gummiboot (as demoed at LCA2013). To boot, you have to add two hashes: one
for Gummiboot itself and one for the kernel you’re booting, but actually
this is a good thing because now you have a single security policy
controlling all of your boot sequence. Gummiboot itself has also been
patched to recognise a failure due to secure boot and pop up a helpful
message telling you which hash to enrol."
to post comments)