I think this is the first time someone has ever reacted non-negatively towards me online after I brought up the subject. UEFI has good PR and I think people refuse to believe the implications of what happened. It would be like having Google officially be the only CA for HTTPS certificates and then removing HTTP from Chrome. That's basically what the security community did with PCs.

That surprises me. Much better in my opinion to listen then to assume I know better - especially because I'm familiar with your work.

Even though Secure Boot can be disabled on most hardware afaict [0] that's still a step consumers won't take so the point still stands easily. Especially with the amount of "you will break everything and kick a a puppy" that manufacturers throw in there to disuade anyone who manages to get to the menu.

[0] worked at a repair ahop until 1.5ish weeks ago, have disabled SB on a lot of hardware.