>Who the hell even needs this "feature"? Are we really so afraid of an "evil maid" attack? People who legitimately need it are a minority (some larger corporations and... paranoid people?) and can remove/add their own keys.
Correct me if I am wrong, but the evil maid attack needs a physically present malicious person. The vast majority of bootkits don't need this and can install undetectable malware across the internet.
A signed bootloader that loads a signed kernel (with things like signed filesystem drivers) which loads a signed antivirus executable will actually be able to detect bootkits.
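As an added illustration of the chain this comment describes (example code written for this page, not taken from the thread, any firmware or any vendor), the Go program below simulates a verified boot: each stage is accepted only if its image verifies under the key the firmware trusts, so an image patched after signing halts the boot at that stage. It assumes Ed25519 as a stand-in for the real Secure Boot signing scheme, constructed placeholder bytes for the stage images, and the stage names bootloader, kernel, fs-driver and antivirus; it models only the signature chain, not what the antivirus itself detects.

```go
package main

import "crypto/ed25519"
import "fmt"

// Stage is one link in the boot chain: an image plus the vendor's signature over it.
type Stage struct {
	Name       string
	Image, Sig []byte
}

// NewVendorKey makes the signing key pair; only the public half would be stored
// in firmware. ed25519.GenerateKey(nil) draws randomness from crypto/rand.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// BuildChain signs constructed sample images in boot order.
func BuildChain(priv ed25519.PrivateKey) []Stage {
	var chain []Stage
	for _, n := range []string{"bootloader", "kernel", "fs-driver", "antivirus"} {
		img := []byte("constructed image bytes for " + n)
		chain = append(chain, Stage{n, img, ed25519.Sign(priv, img)})
	}
	return chain
}

// VerifyChain hands control to each stage only if its signature verifies under the
// trusted key; it returns how many stages were accepted and, on failure, which one halted boot.
func VerifyChain(trusted ed25519.PublicKey, chain []Stage) (int, error) {
	for i, s := range chain {
		if !ed25519.Verify(trusted, s.Image, s.Sig) {
			return i, fmt.Errorf("halting boot: %s failed signature check", s.Name)
		}
	}
	return len(chain), nil
}

// Tamper copies the chain and patches one image after signing, as a bootkit would.
func Tamper(chain []Stage, idx int) []Stage {
	out := append([]Stage(nil), chain...)
	out[idx].Image = append(append([]byte(nil), chain[idx].Image...), " +hook"...)
	return out
}

func main() {
	pub, priv := NewVendorKey()
	fmt.Println(VerifyChain(pub, Tamper(BuildChain(priv), 1))) // 1 halting boot: kernel failed signature check
}
```

A chain signed by a different key fails at the very first stage, which is why the trusted public key, not the antivirus, is the real root of this argument.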
That's the "sufficiently smart compiler" argument ("If only the world was perfect, then the world would be perfect, and although there is no evidence the world can in fact be perfect, and there is mounting evidence that it isn't, I will assume it can and will be made perfect soon enough").
Except for the boot signature, all of these could have been successfully implemented in the past and prevented everything you reference -- how on earth would an internet virus update the kernel or boot unless the kernel let it? But that wasn't the case.
There is no reason that secure boot would help in this respect.
Is this antivirus presumably missing the malware that would install the bootkit before it could actually do so?
If it gets to the point that secure boot is what saved you, then there was already a series of fairly disturbing errors. Layered security is good, but if it is really needed in a common case to this extent... what the hell is going wrong?
Well the problem is that antiviruses only know about publicly identified viruses. Every time a new virus or a variant is released, a good number of computers get infected before the virus is identified and fingerprinted. If you are met with a state sponsored virus/malware, good luck with antivirus companies even acknowledging it.
The way I see it, secure boot is like SSL: it stands as the last resort before giving up complete control.