
I don't understand the conflation of UEFI with secure boot. UEFI can be independent of secure boot—I use UEFI and have never enabled secure boot—the purpose of UEFI was to consolidate definition and discovery of various BIOS-level APIs. Probing memory, setting video modes, and more; these things were poorly specified, and implementations frequently differed. UEFI is huge and overengineered, but it's still a definite improvement.



Yeah I’m not sure either - I’ve used UEFI only on my last few laptops (mostly Dell XPS) and it’s been great. Sure, the process is a hair more confusing, but there’s massive benefits and it’s FAST. In particular, I’ve been impressed with systemd-boot and how you can use systemd-analyze and logging to really understand _everything_ that’s going on in your boot chain.

I also really like the capsule firmware update mechanism, I’ve been able to use fwupdmgr to keep all of my devices’ firmware up to date, from Linux, without FreeDOS or Windows foolery. Additionally, the Dell UEFI BIOS supports booting right to the firmware update cab or exe, further strengthening the utility of a Linux-only install.


I'm going to go a step further and say that I absolutely adore UEFI. Why should I have to install my own bootloader to multiboot? Why can't the motherboard do that for me?

With UEFI I can set up my own boot entries and boot directly into whichever Linux kernel I like with whatever arguments I like. I can write a script that easily boots me into another OS exactly once. And it's a delight to not have to think about traditional bootloaders anymore.


You can of course leave secure boot disabled in UEFI, but you can’t run secure boot with BIOS, to my knowledge. That’s why the association - if you want SB, use UEFI.


> if you want SB, use UEFI

Not sure I've ever seen anyone wanting secure boot. What is it actually good for aside from generating searches for Google when you have to figure out how to circumvent it?


I prefer to use Secure Boot when it makes sense. It completely shuts down lots of incredibly hard-to-detect forms of malware. It's nice knowing the boot environment is exactly as I intended and hasn't changed.


It makes sure that someone didn’t boot into another OS on my laptop and try to decrypt BitLocker, since BitLocker will hard lock if the secure boot keystore is fiddled with or if a USB drive is booted from.


In theory, if a rootkit gets installed on the system, having Secure Boot enabled would prevent it from running.


I wouldn’t run any laptop without it and drive encryption. The combo is really tough for a bad actor to bypass. In terms of things that make me worry less about having a laptop stolen, SB&DE are tops.



