A bootkit doesn't give you any more access - only more persistence. At the price of having to tailor a payload to a hardware and software platform very carefully. For most attackers, that's just not worth it.
Now, if what you want to "secure" is your ability to gatekeep what software users can and can't install? What sources they can and can't consume media from? What system-level spyware and adware users can and can't remove? What operators users can and can't connect to? Then, suddenly, "secure boot" makes an awful lot of sense.
Which is exactly how "secure boot" is treated by vendors nowadays. It's there to "secure" something alright. It's there to chain device software to the device vendor securely.
There's a reason why modern "secure boot" originated on gaming consoles and TV boxes.
Would it?
A bootkit doesn't give you any more access - only more persistence. At the price of having to tailor a payload to a hardware and software platform very carefully. For most attackers, that's just not worth it.
Now, if what you want to "secure" is your ability to gatekeep what software users can and can't install? What sources they can and can't consume media from? What system-level spyware and adware users can and can't remove? What operators users can and can't connect to? Then, suddenly, "secure boot" makes an awful lot of sense.
Which is exactly how "secure boot" is treated by vendors nowadays. It's there to "secure" something alright. It's there to chain device software to the device vendor securely.
There's a reason why modern "secure boot" originated on gaming consoles and TV boxes.