Bottomley: Adventures in Microsoft UEFI Signing

James Bottomley's UEFI
bootloader signing experience
is worth a read...still a few glitches in
the system. "Once the account is created, you still can’t upload
UEFI binaries for signature without first signing a paper contract. The
agreements are pretty onerous, include a ton of excluded licences
(including all GPL ones for drivers, but not bootloaders). The most
onerous part is that the agreements seem to reach beyond the actual UEFI
objects you sign. The Linux Foundation lawyers concluded it is mostly
harmless to the LF because we don’t ship any products, but it could be
nasty for other companies."