The actual technology behind all of this, or as much of it as I can grasp, is fascinating. That said, I think that MS, in the guise of improving security, is really just following Apple's model and attempting to make Windows-only PCs.... but unlike Apple, which has it's own proprietary hardware, MS's proposed lockout would extend to any OEM's product pre-installed with Windows8 (and higher). MS is and always has been ruthlessly aggressive where attempting to control market-share is concerned, even at the expense of the quality of their product, and regardless of polished statements implying versatility and user-choice, the facts (from the link I posted above) say it all:
* Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
* Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we’ve already been informed by hardware vendors that some hardware will not have this option.
* Windows 8 certification does not require that the system ship with any keys other than Microsoft’s.
* A system that ships with UEFI secure boot enabled and only includes Microsoft’s signing keys will only securely boot Microsoft operating systems.
Not so good for Linux users, imho.