zlacker

1. kmeist (OP) 2022-07-26 15:20:36
The concern with boot infections isn't standard, everyday malware, which is perfectly happy to just mine crypto on your machine in a sandbox[0] or read out your browser cookie jar for login tokens at normal user privilege. The kinds of people dealing in boot infections these days are three-letter agencies looking to make very difficult-to-detect malware that they can attack other countries' infrastructure with. Likewise, the companies that run said infrastructure would rather buy servers and client machines that will defend against such attacks.

Before you say, "well, they're the government, why don't they just compromise the secure boot CA," the problem is that cryptographic signatures create evidence. If someone finds your boot sector malware, you don't want it to be attributable - but signatures from an already-trusted entity create exactly the kind of paper trail you'd rather avoid. If Microsoft signs a boot sector virus, then it's obviously a US government cyberweapon, and any companies that find it in their systems will start suing. In this particular context, secure boot is a policy of "no execution without attribution".

[0] Which nowadays can even be done in a browser. Modern browsers actually have to have throttling and CPU usage limits because of this.
