Microsoft does not control UEFI. While they are (rightfully) mandating Secure Boot as part of the Windows 8 certification process, they are not mandating that it remain always on. The OEM/VARs should be providing a UEFI configuration option to disable Secure Boot. 

"At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

On 19 Oct 2011, at 1742, Yasha Karant wrote:

> I apologize for the length of the popular press article that I am posting below -- however, the issue of MS controlling UEFI and thus preventing one from booting/installing Linux (or BSD or .. other than MS or presumably Mac OS X on an Apple branded machine) is significant and the article hits the main points.  Any ideas on a workaround?  Note that I and many of my colleagues run EL on workstations and laptops, accessing MS Win (when absolutely needed for a MS Win application not available under open systems) through VirtualBox or the like -- thus a server-only workaround will not be sufficient.
> 
> Yasha Karant
>