> Weird collisions with desktop security features

Linux is not immune to BIOS/UEFI firmware attacks either. Secure Boot, TPM, and LUKS can work well together, but you still depend on proprietary firmware that you do not fully control. LogoFAIL is a good example of that risk, especially in an evil maid scenario involving temporary physical access. I think Apple has tighter control over this layer.
Yeah... attacks like LogoFAIL hit during the DXE and BDS phases, when the firmware is acting as its own 'mini OS' before the handoff.
Easier to comprehend here - https://vectree.io/c/uefi-firmware-architecture-principles