>Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.

This. It is secure only for MS, AMD or Intel.