@freakazoid While complexity is a real issue, I think the problem is of a different nature here: bootloader security should not have been the firmware's job to begin with, this is something that is IMO handled much better on an OS level, which can finely control which things can or cannot mess with the boot setup.