> Along with SED, I suggest that you also implement Secure Boot. Can someone give me pointers to actually known attacks (not hypothetical ones, which I can invent myself without much difficulty) that would have been prevented by Secure Boot?
I can see that subverting the early boot might be a good way for rootkits to install themselves in a way that's hard to detect and/or remove, but it's not like there aren't plenty of other ways to get pretty much the same result. IOW it sounds to me a bit like putting a reinforced steel frame around a cardboard door. Stefan