If it's any good you can, my motherboard lets me install/remove any keys (including the default MS keys)
whats your motherboard type?
i would like to recommend it to some client,
as most Secure Boot capable motherboard i've seen, doesn't allow you to installing your own keys easily,
some said that user can change the key during Firmware Updates,
which mean the key must be specified somewhere in the firmware binaries!
Stopped reading at "keys handled by Microsoft".
No they are not. Verisign is handling Secure Boot keys. Microsoft bought they key like everyone else can do, they even offered keys for Linux distros for free for a while but since Linus is too stuck up on his own views it went all sour, this is nothing you can blame MS on.
yes, but doesn't change the fact that almost (all?) windows 8 in existance are signed by the very same key, which pose pending problem of key compromise i mentioned above.
And, the corporates actually want to sign the OS they use with their own unique keys,
as that would give them control on what OS allowed to be used in their environtment,
and less likely affected whenever the world-wide Windows-8 Secure Boot keys compromise happens.
then find a way to sign the MS bootloader and you're in..
signing MS OS's component using your own unique keys...,
i read the report that some one did try and of course the Windows 8 was complaining afterward (which is a good thing from OS security's POV btw),
Thats however, unable to achieves what the corporates want.
You can load your own signing keys in some implementations..
That is, however, the reason it's set up the way it is.
It's beyond confusing for the average user. That's why Microsoft mandated that you be able to turn it off.
If you want secure boot that you hold the keys to, awesome. Find an OEM provider that allows you to.
yes, by firmwire updates some OEM did offering that, but it also mean OEM will know the half about the unique key,
some corps would like if if none of the outsider would know about their keys.
And currently, only open-sourced OS (linux flavor for example) components than can easly signed, not Windows 8.
so why Coprs not switch to Linux?
well, due the fact that Corporation still need windows, and OS migration are costly & painful process.