Intel Tianocore is an open-source image of Intel's UEFI. Until recently this image didn't have the Authenticode that Microsoft uses for Secure Boot (PDF) but now it does include this functionality as well. Getting this into developers' hands will "widen the pool of people who are playing with UEFI Secure boot."
This will let programmers who don't have access to UEFI secure boot hardware have a "virtual platform [that] should allow them to experiment with coming up with their own solutions." But, Bottomley warns developers that "This is very alpha. The Tianocore firmware that does secure boot is only a few weeks old, and the signing tools weren't really working up until yesterday, so this is very far from rock solid."
Even so, with it developers can lock down the secure boot virtual platform with their own secured binaries that will boot and work on a UEFI Linux secured system. This is a major step forward in making it easier for developers to make use of UEFI security with their own keys.
This is the first approach: Create UEFI Secure Boot keys for your particular distribution. This is what Canonical is doing with Ubuntu. Some people, like the Free Software Foundation, hate this approach.
Fedora, Red Hat's community Linux distribution decided to work with Microsoft's key signing service, Verisign. So, in the Fedora plan, Fedora will create its own Windows 8 system compatible UEFI secure boot key using Microsoft's own system.
That has also gone over like a lead balloon in many open-source circles. Matthew Garrett, a Red Hat developer, defends it, saying that "it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions."