
Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Christian Berger

Actually it doesn't make much difference security-wise on a laptop

If you have physical access to a laptop, you can just use a PCI Express card to access its RAM and bypass everything Secure Boot could ever protect. If the laptop doesn't have PCI Express, you can use FireWire or Thunderbolt, or, if you have a zero-day in the Windows USB stack, USB.

Or you can install malevolent hardware, e.g. an LTE card, which will compromise the system once the user has unlocked the hard disk. All of those paths can be packaged into nice, easy-to-use solutions.

In short, Secure Boot is not about improving physical security. It can only secure business models.

If you want an actual "more secure than your average Linux box" mobile device, make a very slim terminal with all the complicated bits (GSM connectivity, Wi-Fi, etc.) outsourced to extra modules connected via simple serial interfaces, and make the terminal itself so trivial and simple that its code will be secure and bug-free. Obviously that means having something trivial that only talks to your servers and uses shared keys or some simple key exchange. Then you seal your hardware in non-transparent resin, wrap a sense wire around it so it'll destroy all of its keys when it's broken, seal that in resin too, and wrap that in a transparent resin with glitter in it to make it tamper-evident.

If you want a lot more security than you could ever gain from Secure Boot, but are on a budget and still want a "proper PC", just get some nail polish with glitter and paint it over all critical ports (USB, Thunderbolt...) and screws. Then take a photograph. This will make any attacks Secure Boot claims to protect you against visible... at a fraction of the complexity and without giving up ownership of your own computer.
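The "trivial terminal that only talks to your servers with shared keys" sketched in the comment above, as an added example that is not part of the post or of The Register's page. Everything here is my own assumption for illustration: a 32-byte pre-shared key provisioned out of band, per-direction keys derived from it with HMAC so a terminal message can never be reflected back as a server message, a monotonic counter on each side so replays are rejected, and a `wipe()` method standing in for what the sense wire would trigger. Confidentiality is deliberately left out (standard library only, no AES); the point is how little code authenticity plus replay rejection actually needs.

```python
"""Minimal pre-shared-key authenticated channel between a thin terminal and its
server.  Added example, not code from the post above.  Assumptions (mine):
  - a 32-byte PSK is provisioned into both devices out of band;
  - per-direction keys are derived from the PSK with HMAC (key separation);
  - each side keeps a monotonic send counter; the receiver rejects any message
    whose counter is not strictly greater than the last one it accepted.
Confidentiality is out of scope here; only authenticity and replay rejection."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # full HMAC-SHA256 output
SEQ_LEN = 8   # 64-bit big-endian counter


def derive_key(psk: bytes, label: bytes) -> bytes:
    """Derive a per-direction key so the two directions never share a key."""
    return hmac.new(psk, label, hashlib.sha256).digest()


class Endpoint:
    """One side of the link; the labels pick which direction key it sends/receives with."""

    def __init__(self, psk: bytes, send_label: bytes, recv_label: bytes):
        self.send_key = derive_key(psk, send_label)
        self.recv_key = derive_key(psk, recv_label)
        self.send_seq = 0        # next counter we put on the wire
        self.last_recv_seq = -1  # highest counter accepted so far

    def seal(self, payload: bytes) -> bytes:
        """Frame = seq || payload || HMAC(send_key, seq || payload)."""
        header = struct.pack(">Q", self.send_seq)
        self.send_seq += 1
        tag = hmac.new(self.send_key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def open(self, wire: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(wire) < SEQ_LEN + TAG_LEN:
            return None
        header, payload, tag = wire[:SEQ_LEN], wire[SEQ_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.recv_key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged, corrupted, or sent under the wrong direction key
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_recv_seq:
            return None  # replay (or an old frame arriving after a newer one)
        self.last_recv_seq = seq
        return payload

    def wipe(self):
        """What the tamper sense wire would trigger: forget the key material."""
        self.send_key = b"\x00" * 32
        self.recv_key = b"\x00" * 32


def make_pair(psk: bytes):
    """Terminal and server with mirrored direction labels."""
    terminal = Endpoint(psk, b"terminal->server", b"server->terminal")
    server = Endpoint(psk, b"server->terminal", b"terminal->server")
    return terminal, server


def demo() -> dict:
    """Run the exchange with a constructed PSK; return what each side accepted."""
    psk = bytes(range(32))  # constructed test key only; real keys come from a CSPRNG
    terminal, server = make_pair(psk)
    results = {}

    m1 = terminal.seal(b"status? battery")
    results["fresh"] = server.open(m1)        # accepted
    results["replay"] = server.open(m1)       # same frame again: rejected

    tampered = bytearray(terminal.seal(b"cmd: open door"))
    tampered[SEQ_LEN:SEQ_LEN + 3] = b"CMD"    # flip payload bytes; tag no longer matches
    results["tampered"] = server.open(bytes(tampered))

    reply = server.seal(b"ok")
    results["reflected"] = server.open(reply) # server's own frame fed back to it: rejected
    results["reply"] = terminal.open(reply)   # the intended recipient accepts it

    terminal.wipe()                           # sense wire tripped
    results["after_wipe"] = server.open(terminal.seal(b"status? battery"))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} -> {value!r}")
```

The direction labels are what stop a captured terminal frame from being played back at the terminal, and the counter is what stops it being played back at the server; neither protects the payload from being read on the wire, which the post's design would still have to address.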
