What is "Secure Boot" in Windows?

Question

This morning I was trying to upgrade Windows 7 to Windows 8 and ran into a problem:

Your firmware doesn't support Secure Boot.

What is Secure Boot, and what can I do in this situation if my firmware doesn't support it?

Answer 1

What is “Secure Boot” in Windows?

I think (some or all of) the following are true

• UEFI replaces traditional BIOS as the PC firmware that starts the boot process.
• UEFI has a feature called "Secure Boot"
• You can disable EUFI secure-boot on some computers but not all.
• Windows 8 for ARM (Windows RT) will not install on hardware that does not support UEFI or which allows Secure Boot to be disabled.
• Windows 8 for x86 can be installed on non-UEFI hardware.
• UEFI with secure boot enabled only boots the operating system (OS) loaders that are signed using a key certified by a certifying authority (CA) known to the UEFI
• PC builders include Microsoft as a CA in UEFI but not Linux distributors
• Some PC builders allow you to add your own keys/CAs to UEFI
• One or two Linux vendors have decided to pay Microsoft to sign their Linux distributions
• Some Linux distributors publish workarounds (how to disable UEFI's secure boot? or how to make UEFI recognise the distributors signature on Linux?)

Some people suspect that, at the very least, Microsoft are happy to use security as a justification to force on hardware makers a change that as a major side effect makes it hard or impossible to install a non-Microsoft operating system on that hardware.

P.S. I am pretty uncertain about many of the above points and welcome corrections, directly or in comments.