> Turns out secure boot is probably not secure against Uncle Sam.
Let me enforce this once again:
So-called "secure" boot is not secure at all.
So-called "secure" boot means ATPM "booting only cryptographically signed binaries". But for any general-purpose computation device to be remotely useful, it has to have variable input and output, IOW: somewhere there will be a bug lurking and enabling some sort of exploit by clever manipulation of said IO. Booting only signed binaries does not enhance the security. You don't need Uncle Sam powers to jailbreak iPhones and iPads. At one moment (I assure it, this is still possible) I jailbroke my iPad just by accessing a cleverly-designed website. I.e., no need for physical access; if the jailbreak developer was a malware developer, they could have sent a lot of "Caroline Dieckmann nude pics" links via e-mail, twitter and facebook and pwned a lot of iPads and iPhones all around.
So-called "secure" boot means if a key is appropriated by a malware developer, you have a patsy to say "hey, that is Jon's key! Fire him! Sue him!" and CYA.
There is no way -- and there will never be any way, without limiting deeply what computers can do -- to guarantee that all software you have in a computing device is what you think it is and does only what you think it does.