> "YOU APPEAR TO BE INSTALLING A NEW OPERATING SYSTEM. IF THIS IS WHAT YOU WANTED SAY YES"
We all know that users click "Yes" on anything that looks like it might be a dialog box with a "Yes" button.
Possibly having the BIOS cache the boot sector, and completely refuse to boot if the boot sector is modified, unless they go into the BIOS in advance to say "okay, boot any boot sector once", would be helpful.
It may need to cache the stage 1 bootloader, too, and also the stage 1 bootloader will need to be expected to do checks on the rest of the bootloader and the kernel, to enforce the property you want that no untrusted code can run with privilege (and then the kernel does checks on the trusted components of userspace).
Of course, that makes it awkward to deliver software updates to the boot sector / stage 1 bootloader. So maybe those things should just have a digital certificate, and you need to go into the BIOS to say "okay, accept any new certificate once", but don't need to go into the BIOS to accept new boot sectors / bootloaders signed by the certificate.
And this is (unintentionally) starting to sound a lot like Secure Boot as actually defined. In fact, I think approximately the only difference is that Microsoft is being so kind as to let other people's code be signed by their certificate (and that Microsoft still has a monopoly over the PC market, so "being so kind" is pretty much the _least_ they could do to not be abusing their monopoly... but in a more competitive market, this seems technically reasonable).
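The cached-boot-sector scheme from the comment above, modelled as an added example that is not part of the original comment or of any real firmware. `ToyFirmware`, `build_chain` and `boot` are hypothetical names, the stage contents are constructed, and using the same one-time override for first enrollment is an assumption.

```python
import hashlib

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).hexdigest().encode()

class ToyFirmware:
    """Hypothetical model: remembers one approved boot sector digest."""
    def __init__(self):
        self.cached = None        # digest of the last approved boot sector
        self.allow_once = False   # "okay, boot any boot sector once"

    def arm_allow_once(self):
        # Models the user entering firmware setup *before* the change.
        self.allow_once = True

    def check_boot_sector(self, sector: bytes) -> bool:
        d = digest(sector)
        if d == self.cached:
            return True
        if self.allow_once:
            # One-shot: pin the new sector and clear the override.
            self.cached, self.allow_once = d, False
            return True
        return False

def build_chain(bodies):
    """Build stage blobs, each ending with the SHA-256 of the next stage."""
    blobs, next_digest = [], b""
    for body in reversed(bodies):
        blob = body + b"|" + next_digest
        blobs.insert(0, blob)
        next_digest = digest(blob)
    return blobs

def boot(fw: ToyFirmware, blobs) -> str:
    # Firmware only vouches for the boot sector...
    if not fw.check_boot_sector(blobs[0]):
        return "refused: boot sector changed"
    # ...each stage then checks the one after it (bootloader -> kernel).
    for current, following in zip(blobs, blobs[1:]):
        expected = current.rsplit(b"|", 1)[1]
        if digest(following) != expected:
            return "halted: stage mismatch"
    return "booted"
```

A legitimate update to any stage changes the boot sector digest too, so it is refused exactly like tampering until the override is armed, which is the awkwardness the comment goes on to solve with a pinned certificate.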