Hacker News
by jkaplowitz 2411 days ago
Secure Boot doesn't inherently prevent other OSes from running. The user retains ultimate control on the vast majority of Secure Boot x86/x64 machines which allow adding your own signing keys, removing Microsoft's and/or the OEM's, and disabling Secure Boot. In these cases, it is a positive anti-malware system without removing user freedom.

Additionally, Microsoft cooperates with the Linux community to sign their keys. Most Linux distros these days can install with Secure Boot enabled, and still offer ways for users who need to do things like compile kernel modules to do that without having to disable Secure Boot.

The situation is different for some devices like (I think) Windows RT devices based on ARM, and maybe cheaper x86/x64 netbooks now that the Secure Boot certification requirements have changed. In these cases they often do restrict you to only what MS is willing to sign, with no opt-out. I won't defend that in the slightest, but it's not true for much of and probably most of the PC market.