You will notice I never said that both sides have the same amount of violence (since I don't think that that's actually relevant), so you are responding to a point I never made to begin with.

This sort of thinking causes extremism and division. It only perpetuates more of the thing you don't want!

It's also empirically not true: there are crazy people on both sides, but most people are pretty reasonable. If you treat them as if they are, despite your differences, they won't feel so alienated and perhaps you can both have a productive conversation. Both sides views are then likely to soften, and you can maybe even start working together.

Plus they signed the shim loader for Linux anyways so they almost immediately gave up any "control" they might have had through SB.

Petya/NotPetya, Alureon, Carberp/Rovnix, Gapz, LoJax (firmware rootkit!).

All of these attacks would be thwarted by SB (and in Petya's case, simply having UEFI enabled at all, since that was only for BIOS machines)

So I'm a little confused about the "can't threat model for shit part," I think these sorts of attacks are definitely within most security folks threat models, haha

Backdooring your kernel is much, much more difficult to recover from than a typical user-mode malware infection.

My mom uses Secure Boot with Windows and doesn't know or care that it's enabled at all.

Sure, but an attacker could still overwrite your kernel which your untouched bootloader would then happily run. With SB at least in theory you have a way to validate the entire boot chain.

> why weren't they more common before?

Because security of the rest of the system was not at the point where they made sense. CIH could wipe system firmware and physically brick your PC - why write a bootkit then? Malware then was also less financially motivated.

When malware moved from notoriety-driven to financially-driven in the 2000s, bootkits did become more common with things like Mebroot & TDL/Alureon. More recently, still before Secure Boot was widespread, we had things like the Classic Shell/Audacity trojan which overwrote your MBR: https://www.youtube.com/watch?v=DD9CvHVU7B4 and Petya ransomware. With SB this is an attack vector that has been largely rendered useless.

It's also a lot more difficult to write a malicious bootloader than it is to write a usermode app that runs itself at startup and pings a C2 or whatever.

Does that mean that Microsoft doesn't also use it as a form of control? Of course not. But conflating "Secure Boot can be used for platform control" with "Secure Boot provides no security" is a non-sequitur.