It's come up in several meetings here, so we are well aware of it.
Right now FreeBSD has a google summer of code project to create a EFI
Once that finishes stabilizing, then I'll be doing some work on the
installer portion to make it "just work" out of box.
As for the secure keys thing, that is a bigger deal, since potentially
it makes us unable to dual-boot with windows 8. The issue is that if we
make changes do our boot-loader, or compile it from source (as we do),
then we would have to re-sign it each time to make it bootable. This
means you have to have our signature loaded somewhere in your EFI bios,
which may be a pain to do. The alternative is to disable secure-boot,
but then Windows 8 may refuse to start