[CurtHagenlocher]

"For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default, that firmware not allow <b>programmatic control</b> of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorized attempts at updating firmware that could compromise system integrity."

So an OEM can still be "Windows Certified" if they allow manual disabling of secure boot.

[mrud]

That was never the point. The point is that there will be probably systems which do not allow a modification at all for controlling secure boot as it would be another optional feature. In addition you probably won't be able run Linux without changing the secure boot option for certified systems.

http://mjg59.dreamwidth.org/5552.html provides a good overview about the issue