1) Whatever it does, it can be nullified by malware that gains root-level access AFTER the OS has booted (which is the norm). And if the malware managed to modify the bootloader, of course it has already gained that access, hence no effective protection is added, UNLESS you are running a machine that doesn't allow unsigned software to run (EXEs, batch scripts, stuff written by the user) that could have been installed or patched by the malware. But clearly this is not Windows as we know it today.
Moreover, locking down the machine (this is the only firmware behaviour authorized by Microsoft when the so-called Secure Boot restriction is violated) is arguably the worst outcome for desktop users, as they will be left with no way to service the machine (beyond running "rescue partitions" which of course are static and therefore can't contain anti-malware software), and with no access to their data.
2) Malware that operates by modifying the boot sequence is extremely rare today, because it must target specific hardware, and is associated with government-sponsored attacks. Of course, three-letter agencies are only a piece of paper away from having their malware signed with legitimate keys.

Read the thread. I'm no parrot.

"Unless" is they key word here.

Imagine that I am an operating system vendor and I want to sell an OS. Describe exactly what I have to tell my customers before I sell them my OS.

Imagine that I know an unskilled person (grandma) running an old version of Windows that is no longer supported on an otherwise perfectly fine machine. Describe exactly what I have to tell her before I propose to install Linux, or a commercial OS costing less than the new version of Windows, on her PC.

Imagine that I am a student and I've heard about this Linux thing. I'd like to try it on my PC that I bought off a shelf a couple years ago. Describe exactly what I should do to try Linux on my machine, fix it when it doesn't work and add new features to its kernel.

I don't know if you're the same Microsoft supporter as before, but in case you aren't, I'll repeat that we are talking about "designed for Windows 10" machines which aren't for sale yet.

No, because that would prevent the user from buying copies of future versions of Microsoft Windows.

Because the OEMs are known not to care about letting the users fiddle with advanced boot options. They are also known to make firmware that, for example, will crash the machine from SMM when running a non-Windows OS: I've owned such PCs (that bug was meant to be a fix to make Windows 2000 run on that hardware). If the machines they make don't boot Linux, it's because they don't care, or haven't the resources to support Linux, not because of malice. But it's Microsoft who put these hurdles for them (and the users) to overcome. It's their decision that will lock people out of their own PCs, not the disinterest of the OEMs, which has always been there and is not changing.

Yes of course. That's where I usually lose most of my karma points.

You've just admitted that there's "overhead" in the overall process of the OEM to add an option that disables the so-called Secure Boot. Hence, OEMs that want to get rid of this "overhead" WILL remove the option. Thanks for proving my point.

That is, to keep Linux out of of the users' PC as I've been stating from the beginning!

My friend, in this world pressures against OEMs are the norm, not an exception.

I'm not denying that Linux users are a minority. I'm stating that they risk to become zero thanks to these dirty tricks. And this will harm the market of Linux on the servers, too, because of the way how people become Linux contributors. And I'm stating this in a comment which, if you bother to read, was meant as a response to someone who said "Microsoft supports Linux now".

They have been doing stuff like this endlessly for decades. Remember Bill Gates' "we should make ACPI Windows-only" in the 90s?

A statement is true when it's always true, not when it's true sometimes and sometimes not. You didn't even bother following the line of reasoning.
Microsoft supporter: "SecureBoot is useful and gives no problem to the user"
Me: "No, it's unuseful and here's how it harms the user"
Microsoft supporter: "Eh, but you can always turn it off"
Me: "Not anymore."

That's not true any more. That's the news. People will install Linux on their laptops, find out that hibernation isn't working because of the so-called Secure Boot restrictions, get angry, and just give up Linux and go back to Windows and its world of post-boot malware.

Impossible, no machine could ever be sold without the capability to boot from an external device, as this would prevent installing Microsoft Windows on it.

Actually, what we have seen is that people saw the so-called Secure Boot as the unuseful and harmful thing that it is, and a limited number of Microsoft supporters labeled them as hysterical idiots pointing at the fact that it could always be disabled. Well, now it's no longer true, as widely expected by the hysterical idiots.

Leaving aside the fact that "leaving the onus on the OEM" already is an anti-competitive, anti-consumer and anti-free software behaviour, since you are less malicious than me, can you give a non-malicious explanation about why the requirement of being able to disable the so-called Secure Boot is being lifted now? What problem are MS trying to solve? The rising wave of hypno-malware that induces users to enter the firmware setup utility on their machines and disable boot restrictions?

What happens when your PC is restricted by the so-called Secure Boot scheme is well known. The problem we're discussing here is the potential impossibility to disable it induced by Microsoft into future computers.

Certainly I can't tell you about specific negative effects from the so-called Secure Boot, since the lack of a way to disable it is a proposed feature of Windows 10 which, as you certainly know, hasn't hit the markets yet. I could tell you about the large amounts of malware that I have had to remove so far from Windows 8.1 update 1 machines notwithstanding their so-called Secure Boot feature in place, but I suspect that wouldn't be the kind of story that you want to hear. As for pointing fingers, when somebody gets eaten by a lion, I don't point the finger to the lion, but to the person who opened its cage. Bear with me.

What's my complaint, you ask. My complaint, I'm sorry if it wasn't clear, is not being able to install the software that I want on the PC that I own. Everyone around here has understood perfectly what's going on: the so-called Secure Boot adds no security on a system where the user is able to install third-party software (or his own) and therefore it is merely an obstacle put in place by Microsoft (not the UEFI forum, not the OEMs, not anyone else) to make it harder for end users to replace Windows with something else. Being upset for this is not an "emotional problem against Microsoft", it is a very pragmatic stance. If anything, if you want to see something emotional, it's calling a company which behaves this way as "the new Microsoft that supports Linux", which is the reason I bothered to write my original comment. And that's, of course, a perfectly acceptable emotional behaviour; we'd be robots without emotions. A less laudable kind of emotional behaviour is making personal attacks about the richness of my vocabulary. Yes, my English skills are limited. But being able to master a wider portion of the English language won't help me when I get a blinking cursor because I tried to remove Windows, or because a malware has modified some image measured by the so-called Secure Boot infrastructure.

If I buy hardware with so-called SecureBoot, in any form, it's because Microsoft forced the OEM to implement it. Don't make it look like Secure Boot was a misfortune fallen from the sky.

This is unacceptable for so many reasons, do I really need to enumerate them all, once again? We've already gone through this when the "new" Microsoft forced on the OEMs (and therefore the users) the so-called Secure Boot restriction for Windows 8; back then all Microsoft supporters claimed that it wasn't a big deal precisely because there was the warranty of being able to disable it.

They are removing from users the choice of installing an operating system other than Windows on their hardware of choice.

Of misdirected, here, is your failure to comprehend the implications of removing in general the ability to install an operating system other than Windows on the PC architecture. For competition in general, and in particular for an operating system which is developed by end users who install it on their home PCs.

The all new Microsoft that, as expected, is conspiring to lock Linux out of people's computers by means of the so-called SecureBoot?