Not All Skittles and Beer...
The PC BIOS was long overdue for retirement, but is UEFI an improvement? UEFI is huge, and it duplicates a lot of operating system functionality. More code equals more features. It also means more bugs, and more potential vulnerabilities, which is worrisome in a pre-boot environment that holds the keys to every part of your computer, all of your software and hardware.
Why Secure Boot?
Windows has become somewhat less vulnerable in recent years, partly because of tools like validation checkers. There is a chain of validation that goes something like this: The bootloader asserts that the kernel has not been tampered with, and allows it to boot. Microsoft has required signed drivers for the past few years, so the next step is for the kernel to verify driver signatures. Then when users run a malware scanner they have a reasonable assurance that the answers it gets from the kernel are accurate. So a logical point of attack is the bootloader. Compromise the bootloader, and then you can load the kernel into memory and alter the kernel in memory. And then do whatsoever you will.
But even if your bootloader, kernel, and drivers are safe, this does nothing for userspace, such as infections via a Web browser. There are plenty of meaty morsels for malware to munch in userspace, and anti-malware software is never 100 percent effective.
Despite all the questions about its safety and actual security benefits, Microsoft requires, as a condition of receiving the official Windows 8 certification, that hardware vendors enable UEFI Secure Boot by default on client systems. They may use their own signing keys, or Microsoft's. There are financial incentives to getting that official certification, so they'll all do it. Windows 8 will boot without Secure Boot, and it will install on legacy hardware. But later this year, as the new OEM Windows 8 PCs enter the market, they're going to ship with UEFI Secure Boot turned on. So everyone who doesn't want to hassle with Secure Boot will be forced to. Originally Microsoft did not even want a disable option, or to allow users to use their own keys and certificate authorities, but they changed their minds for x86 hardware.
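As an added example (not part of the original article), here is one way to check from a running Linux system whether the firmware is actually enforcing Secure Boot. It reads the SecureBoot and SetupMode variables the kernel exposes under efivarfs; the function names and the returned state strings are this example's own choices.

```python
import struct
from pathlib import Path

# efivarfs mount point and the EFI global-variable GUID used for SecureBoot/SetupMode.
EFIVARS = Path("/sys/firmware/efi/efivars")
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data).

    Each file starts with a 4-byte little-endian attribute word,
    followed by the variable's payload.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(name, root=EFIVARS):
    """Return the first payload byte of a global variable, or None if unreadable."""
    path = Path(root) / f"{name}-{GLOBAL_GUID}"
    try:
        _, data = parse_efivar(path.read_bytes())
    except (OSError, ValueError):
        return None
    return data[0] if data else None


def secure_boot_state(root=EFIVARS):
    """Classify the platform: enabled, disabled, setup-mode, unknown, or no UEFI."""
    root = Path(root)
    if not root.is_dir():
        # Booted through legacy BIOS/CSM, or efivarfs is not mounted.
        return "no-uefi-variables"
    secure = read_flag("SecureBoot", root)
    setup = read_flag("SetupMode", root)
    if secure is None:
        return "unknown"
    if setup == 1:
        # No platform key enrolled: signatures are not being enforced.
        return "setup-mode"
    return "enabled" if secure == 1 else "disabled"


if __name__ == "__main__":
    print(secure_boot_state())
```

A result of "setup-mode" or "disabled" on a machine that is supposed to ship with Secure Boot on is worth investigating, since it means the bootloader is not being signature-checked by the firmware.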
Information credit: Linux.com