Other operating system vendors are free to arrange with hardware manufacturers to include certificates for their operating systems. It's not an antitrust issue that other OS vendors were not able to get their act together in order to do so.
On top of that, they have the option of piggybacking on Microsoft's certificate. Microsoft will even subsidize the cost of getting a certificate from Verisign to allow that.
Finally, Microsoft is using their market power to force OEMs of x86 computers to include a way for users to disable Secure Boot and to add new certificates.
> Other operating system vendors are free to arrange with hardware manufacturers to include certificates for their operating systems. It's not an antitrust issue that other OS vendors were not able to get their act together in order to do so.
For a lot of users, merely having the option of signing their images simply won't be good enough. Unless the signing keys are available to everyone, you cannot boot a self-compiled kernel on a secure boot system.
If you want to compile your own kernels and boot them without disabling Secure Boot, make your own self-signed certificate, add that to the certificate list the firmware maintains, and self-sign your kernel with your certificate.
This is has so many problems that it's sort of silly to just name one. But for me, this makes OS research much more painful, let alone anyone else doing anything with Linux that isn't using a distro blessed by Microsoft or one their proxies.
If they are frequently switching between Linux and Windows on a dual boot system, then yes it will be more painful unless the go to the trouble of generating their own signing keys and adding them to the firmware's key database and signing their Linux.
If they aren't frequently switching back and forth between Windows and Linux, what's wrong with going into the firmware settings and turning off Secure Boot so that they can run whatever Linux they want with no restrictions?
On top of that, they have the option of piggybacking on Microsoft's certificate. Microsoft will even subsidize the cost of getting a certificate from Verisign to allow that.
Finally, Microsoft is using their market power to force OEMs of x86 computers to include a way for users to disable Secure Boot and to add new certificates.