Re: Damned if they do
Criticise them for the ease of having bootloader malware then when they do secure boot stuff to guard against it criticise them again.
Consistency anybody ?
Why would you think it is the same individuals criticizing the lack of secure boot and the presence of secure boot? Some people think it's good, some people don't. The lack of consensus on the issue doesn't suggest that there's any inconsistency-- it just means people don't all hold the same opinion, like a lot of other things.
As always, the devil can be in the details. Secure boot that is not meant to restrict user choices is a benign thing, and there's no harm in having it there. If you don't like it, turn it off! If it's not meant to restrict user choice, turning it off will actually work.
In my laptop's UEFI, secure boot "just works" with the Ubuntu signed bootloader. In addition, I can select any bootloader on the system and select it (whitelist) as trusted. The UEFI generates a hash of the bootloader and will refuse to boot if the hash changes on any given boot, just as it would with a signed bootloader that no longer matched its signature.
It also works just fine with secure boot off. There's nothing "bad" as it is implemented on that laptop.
The people who do criticize secure boot may think that it is the camel's nose in the tent in terms of locking the system down in terms of OS, as we're discussing here with Apple. I would not be happy with that, but none of the secure boot PCs I've set up thus far have had anything like that. As it has been implemented in PCs I have used, secure boot is an optional security feature that can be effectively disabled (which is apparently not so with the Apple product in question).
Biting the hand that feeds IT
