Secure boot

• An important and controversial component of the UEFI specification is the secure boot configuration. Theoretically the secure boot is designed to address a security issue, which is a root kit attack. In real life, this is a non-issue and of no concern whatsoever. What the secure boot mechanism is actually for is to protect the vendors who wrote this specification from the installation of competitive products on hardware which they have OEM contracts with. Root kits require physical access to sensitive parts of a computer system. Without physical security, one can never have security of any kind. As a vector, firmware root kits are one of the hardest attacks on a digital system. Gartner reports that in 2013 over 19 BILLION dollars was spent on security software, nearly all of it targeted for Microsoft Windows viruses and worms.[12] The 2013 security report from Sohpos outlines nearly ever possible vector for malware on all platforms, with special emphasis on emerging devices. In their comprehensive report firmware attacks are not considered even a viable vector.[13] The standing threat is still standard Microsoft Windows. For example, Microsoft shipped its latest operating system with a sliding gadget that immediately had to be withdrawn because it served as a vector for multiple malware attacks. [14]

  First and foremost, Secure Boot is about vendor control and not security.