If someone intercepts the laptop (at an airport, border control or in a mail package), he cannot flash the firmware anymore. No big deal, he can still replace the CPU or board with a backdoored one.
However, when a security vulnerability is discovered in the UEFI implementation on my mainboard, how do I get it fixed? Will the vendors be as good at providing the patches as Android phone vendors are? What if my board is two years old and the vendor doesn't care anymore, do I have to throw it away?
It seems to me that this makes the security worse, not better.
Not to say that virtually all proprietary firmwares I've seen are severely lacking in quality. They are slow as hell, have unpleasant visual presentation (with the possible exception of Apple) and often lack essential functionality (a debugger, shell, boot from USB mass storage, boot from SD, ...).
My concerns
I'm unimpressed.