mjg59 MITRE gave a presentation on UEFI Secure Boot at SyScan earlier this month. You should read the the presentation and paper, because it's really very good. It describes a couple of attacks. The first is that some platforms store their Secure Boot policy in a run time UEFI variable.