secure boot
@freakazoid I guess my more fundamental point here is that the situation with secure boot is similar to that with a lot of snakeoil.
If you start by assuming secure boot, you can certainly retroactively find reasons and justifications why it might be useful. But if you started with a *problem statement of end-user security*, and asked what the most effective and efficient solution would be, you would never end up at "secure boot" as the answer.
That sort of situation is a very reliable red flag for a bad technology choice, often one that has been argued for for undisclosed other reasons rather than the stated one (and I suspect that the 'DRM' and 'corporate hardware' cases are those reasons, here).