Secure boot doesn't give you control of your machine. It gives the person who creates the signatures control. Unless you have the power to create and trust your own signatures, you don't have control.
This doesn't stop tampering from going on. It just stops your machine from running after it's been tampered with. In theory, this gives you the opportunity to reverse the tampering. In practice, we'll see.
I don't generally trust firmware/hardware based encryption. Without the ability for the user to modify the key database himself it takes away more control of the machine, and in no way is it guaranteed to be unhackable (though it may afterward be unfixable). Give the user the ability to control the key database, and then I might trust it a bit more.
Rather Upside Down Reasoning
This doesn't stop tampering from going on. It just stops your machine from running after it's been tampered with. In theory, this gives you the opportunity to reverse the tampering. In practice, we'll see.
I don't generally trust firmware/hardware based encryption. Without the ability for the user to modify the key database himself it takes away more control of the machine, and in no way is it guaranteed to be unhackable (though it may afterward be unfixable). Give the user the ability to control the key database, and then I might trust it a bit more.