Comment Re:Bootman (Score 1) 355
You've missed my point: UEFI offers another layer of defense. (And not withstanding, the O/S being adapted to make use of the secure loading, local attestation, etc. etc.) Make sense?
With respect to loading something new - unsigned - depends on how the O/S implements attestation, right? And it does *not* have to exclude one for the other. This is the big deal about UEFI - the difficulty of managing the (trusted) signing keys so that coders can readily deploy a new and/or updated set of code (let alone, test drive it in production!).
And you're absolutely correct on running PHP or Perl or..whatever - unless they do something like Java's sandbox security mechanism (which according to most sources is the #1 attack vector for online attacks). Then you just get another can of worms to defend.