Re: The problem with that is...
"What is UEFI for and why does it even exist?"
Well, booting modern PCs is hard, as there was always a strong push for compatibility in areas where it was questionable. One example is the support for emulating AT keyboards when you only have a USB keyboard (that's used to get Windows, which took quite a while to support USB, to work with USB keyboards). For that you have things like "Service Mode", which contains highly privileged code running on your CPU.
However, today we can get rid of most of that stuff. Operating systems today either use BIOS functions or they have direct hardware drivers for current hardware. So in theory we could get rid of "Service Mode" and other bugs like it.
However, allow me to introduce a conspiracy theory. Imagine you work for a secret service. You look around you and you notice something terrible happening. More and more people are encrypting their communications, and less and less of that code comes from companies you can control. It's simply not feasible to add a weak cipher to a crypto suite without people getting suspicious.
However, you have one chance. If there are bugs in the implementations, you can find and use them. Now the crypto primitives (AES, hashes, etc.) themselves are rather secure. They have defined inputs and outputs, and if two implementations deviate, at least one of them is simply broken. What is left is the protocols. So what you do now is to support bugs. The easiest way to do so is to make the protocols so complex that nobody can implement them without making major bugs. Introduce certifications so people are afraid of cleaning up code. The more complex your protocol is, the fewer implementations you will have and the more bugs those implementations will have. If I worked at a secret service, I would love HTTP/2, as it greatly increases complexity at both the server and the client. I would love the modern web with its numerous redundant features. UEFI would seem heaven-sent, as it means that BIOS chips will be really large, and end users neither have any chance of knowing if it'll be bugged nor are able to use their own, minimalistic and safe, versions. It'll be like in the "good old days" where you could just tell Microsoft to include your key in the system.