Secure Boot on Arch Linux

Secure boot is a part of the relatively new Unified Extensible Firmware Interface (uefi) specification that allows verifying the legitimacy of early boot code using a public key infrastructure. It has been widely criticised due to the fact that it could prevent non-Microsoft-blessed software from booting if a user cannot change the keys or disable the feature. I am going to ignore the political issues, and focus on how to use secure boot to protect the boot process of an Arch Linux system running on a Thinkpad x240.