I think you are saying that secure boot isn't really a solution, and I think I agree. However, it seems that there is still a problem, and I wonder if anyone has any ideas that might actually work.
One of the freedoms that I want for my computing experience is the freedom not to run any malware. I have enjoyed that so far largely because Windows is a much bigger target than Linux. However, that has not been a complete protection and will not necessarily continue to be any protection. Recent events show that with enough resources, almost anything is possible. Maybe my ethernet card already has a back-door that is allowing unfriendlies in.
One of the things that we do with software is to make unreliable systems more reliable. TCP does this for networks. RAID does this for storage. Multi-path does it for cabling. UPS does it for power (that isn't software though).
Is there some approach that can leverage redundancy or extra analysis or some extra strong segregation that is structurally immune to all non-physical-access attacks?
Or can we look forward to an unending arms race for control of our computers?