> secondly, worrying about firmware security issues is silly, because if you can't physically prevent access to the computer, it's pwned anyway no matter how secure the firmware is.
Not true. Apple hired some of the best security experts in the world to build a system that was resistant to pwnage even if the attacker has physical access to the machine:
I just want to point out that this tweet is wrong when it claims that Secure Boot does not protect against physical presence attacks. This misunderstands the point of Secure Boot.
Secure Boot can indeed be disabled, but that will change the TPM PCR values, so assuming a standard BitLocker configuration, the TPM will fail to unlock the BitLocker key. So if you try to disable Secure Boot on such a machine, you will be unable to boot unless you have the BitLocker recovery key.
https://mobile.twitter.com/XenoKovah/status/1425800637166596...
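The PCR argument made in the thread, as an added example that is not from any commenter: a toy model of TPM extend-and-seal showing why a key sealed with Secure Boot on cannot be unsealed after Secure Boot is turned off. `ToyTPM`, the single-PCR layout and the event strings are constructed for illustration; this is not a real TPM or BitLocker API.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend: new = H(old || H(event)). A PCR can be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_boot(secure_boot_enabled: bool) -> bytes:
    """Replay a constructed, simplified firmware event log into one PCR."""
    pcr = bytes(PCR_SIZE)  # PCRs start at zero on power-on
    events = [
        b"SecureBoot=" + (b"1" if secure_boot_enabled else b"0"),
        b"key databases (constructed placeholder)",
        b"boot loader signer (constructed placeholder)",
    ]
    for event in events:
        pcr = extend(pcr, event)
    return pcr


class ToyTPM:
    """Hypothetical model of a secret sealed to a PCR value."""

    def __init__(self) -> None:
        self.pcr = bytes(PCR_SIZE)
        self._sealed = None

    def boot(self, secure_boot_enabled: bool) -> None:
        self.pcr = measure_boot(secure_boot_enabled)

    def seal(self, secret: bytes) -> None:
        # Policy: release the secret only while the PCR holds this exact value.
        self._sealed = (self.pcr, secret)

    def unseal(self):
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, self.pcr) else None


def demo():
    tpm = ToyTPM()
    tpm.boot(True)
    tpm.seal(b"volume key (constructed)")
    normal = tpm.unseal()      # same measurements: key released
    tpm.boot(False)
    disabled = tpm.unseal()    # Secure Boot off: PCR differs, key withheld
    tpm.boot(True)
    restored = tpm.unseal()    # original state measured again: key released
    return normal, disabled, restored
```

In the model, the `None` result corresponds to the point where the machine would fall back to asking for the recovery key.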