Any malware which can compromise the bios can install whatever secure boot keys it wants and tell the OS everything is hunky dory.
This is exactly the problem, people are suggesting that the way to secure their system is to give the BIOS guys the keys to their computers. I'd argue that the BIOS providers are the LAST company on earth we want to be responsible for securing the computer. Maybe if CoreBOOT was standard and Phoenix, Award and all the other culprits were gone it might be an option but these are not companies with a either a track record of reliable updates let alone security and we're talking about giving them the keys to the entire system. It's scary, and what's scarier is that people think it's a good idea.