@ralfmaximus @dangoodin I think the concern is that businesses/orgs might simply “re-image” the compromised machine (usually means just wipe and re-install the OS) and move on. Until now, people mostly trusted that the Secure Boot stuff would protect them from a BIOS level persistence. (Even the most diligent of companies might have machines that are yet to be patched or must run an older browser version etc.)