Re: The only thing worse than bad security
The problem with (x86) old BIOS is that it's 16 bit. As in, if you're in 32 bit ("protected") or 64 bit ("long") mode, you have to switch back to 16 bit ("real") mode, call your BIOS function, then undo the switch. It's... a bit of a pain. So if at all possible anything not running in real mode would bypass the BIOS as much as it could. There's a lot more wrong with it, like how it assumes a single user sitting in front of the box. There's lots of hardware, even a complete CPU in the southbridge with sees-traffic-before-you-do access to the network and an OS you can neither access nor update, to sort-of make up for (some of) those deficiencies.
The problems with (U)EFI start with massive over-engineering ("second-system effect"), and it goes downhill from there. (Let's skip the list.) Secure Boot certainly isn't its only problem; even on the best of days it's really a control mechanism, not a security mechanism. It also doesn't resolve the manageability problems BIOS gave us, and so perpetuates those.
In short: PCs are a limited idea, and (U)EFI doesn't really fix most of BIOS' problems for a rather large complexity bill. The security problems didn't get resolved, but mostly added to.
Going back to BIOS is not something anyone who has to work with it really wants, but (U)EFI isn't the solution either. Me, I'd do a rethink of the concept "PC" and design a firmware to match that. Possibly something along the lines of OpenBOOT (Open Firmware) with some nice frontage for the blinkenlights set. But then I'm neither Intel nor Microsoft, so nobody's gonna listen to me.
But there's still truth in the old adage: "Real servers are headless." PCs can't do that, neither BIOS nor (U)EFI. Old Unix boxen could, even if they came as workstations and so did have a head.