What is the impact of Windows 8 with UEFI on normal users?
It will make it possible for Microsoft, in cooperation with specific motherboard vendors, to lock specific motherboard models to only boot to operating systems signed with a Microsoft-supplied key. You will still be able to run any application you want once the operating system is installed. The only thing that is locked is the boot loader.
At present, no motherboard vendors have any plans for such locking, several have expressed a strong disinclination to ever allow it, and Microsoft has claimed they are not asking for any such locking. You're safe for at least the next decade or so.
Even if the equation changes and such locking does begin to occur, the relatively open and accessible nature of PC hardware and the operating environment in general would make cracking the required digital signature lock a relatively simple operation for hackers.
What will more likely happen is that large IT departments are asking for a way to prevent users of institution-owned equipment from installing non-sanctioned operating systems. We might see vendors offer customized locking, where they pre-set the board with a key supplied by the IT department, and Microsoft adding a feature to sysprep that allows IT to use the matching key in their installer image.
The largest side effect here is that many of these businesses also lease their equipment, and there is a significant and growing market for 3-year-old off-lease merchandise. Locked motherboards could impact the value of this equipment.
First, some definitions:
Secure Boot is a feature of UEFI, which allows the firmware to verify that the boot loader is cryptographically signed, and the certificate can be traced back to one of the root certificates stored in the firmware. This feature prevents unauthorized boot loaders on platforms where this feature is enabled. Only a very small minority of malware uses boot loaders in any way.
From the Windows engineering team blog:
For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default, that firmware not allow programmatic control of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorized attempts at updating firmware that could compromise system integrity.
This means that nothing prevents OEMs (computer manufacturers) from including a "BIOS" feature that enables/disables secure boot via the user interface. (I use quotes for lack of a better name for the pre-boot environment where you configure computer settings. It is called BIOS now, but I doubt that people will call UEFI "the UEFI".) Thus, you will be able to boot Linux or use some other unsigned boot loader. How this feature will be implemented is yet to be seen, of course.
I think that this feature will be used by some OEMs to completely lock down their computers. If you cannot use any bootable media except some authorized one, you cannot really switch to another OS or even install Windows from a non-OEM-supplied disk. But for the vast majority of users nothing will change, as this feature will have very small impact on them.
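To see whether the firmware on a given machine is actually enforcing the Secure Boot check described above, the state can be read from the UEFI `SecureBoot` and `SetupMode` variables. The following is an added example, not part of either answer; it assumes a Linux system exposing variables through efivarfs at `/sys/firmware/efi/efivars`, and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# GUID of the UEFI specification's global variable namespace.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed Linux efivarfs mount


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes each variable with a 4-byte little-endian
    attribute mask; the variable's data follows.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def flag(raw: bytes) -> bool:
    """Interpret a one-byte boolean variable (SecureBoot, SetupMode)."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    return data[0] == 1


def secure_boot_state(secure_boot: bytes, setup_mode: bytes) -> str:
    """Classify the platform from the two raw variable contents."""
    if flag(setup_mode):
        return "setup mode: no Platform Key enrolled, signatures not enforced"
    if flag(secure_boot):
        return "enabled: firmware verifies boot loader signatures"
    return "disabled: unsigned boot loaders will run"


def read_live_state(root: Path = EFIVARS) -> str:
    """Read both variables on a running system that was booted via UEFI."""
    sb = (root / f"SecureBoot-{EFI_GLOBAL_GUID}").read_bytes()
    sm = (root / f"SetupMode-{EFI_GLOBAL_GUID}").read_bytes()
    return secure_boot_state(sb, sm)


# Constructed samples: attributes 0x06 = boot-service + runtime access.
SAMPLE_ENABLED = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")
SAMPLE_DISABLED = (b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x00")

if __name__ == "__main__":
    print(secure_boot_state(*SAMPLE_ENABLED))
    print(secure_boot_state(*SAMPLE_DISABLED))
```

On a real machine, call `read_live_state()` instead of passing the samples; it raises `FileNotFoundError` when the system was booted in legacy BIOS mode and no efivarfs entries exist.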