-Secure boot is a UEFI protocol not a Windows 8 feature
-UEFI secure boot is part of Windows 8 secured boot architecture
-Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
-OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
-Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows
Above is from http://blogs.msdn.com/b/b8/arc... with some modifications.
In the Intel reference UEFI implementation I have used, I could easily add and remove keys and customize it to implement the trust policy I wanted. This is up to your OEM to implement these features, nothing to do with Microsoft. For their certification program, Microsoft *requires* that SecureBoot is disableable and that the secureboot policy (list of trusted signatures) is customizable by a physically-present user. People whining that they can't install Linux on their systems because of Microsoft have no idea what they are talking about.