> What exactly will "Secure Boot" achieve, in the context of a full system? What threats will it guard against?
It gives you the benefits of booting off read-only media but with the ability to update software without changing physical media. It provides a small limit on the ways an attacker can hide their activity by modifying your system and gives you some control over the software that you run, how much control you have is up to how much control you implement.
>At worst, it is deploying a system that will only secure systems against normal users, but not capable crackers (or those with access to the tools of such).
> If nothing, then it is (at best) labour wasted.
Agreed there is no point in wasting a lot of time on fancy control schemes when malware writers have clearly demonstrated the ability to just bury their malware in deeper layers of the systems if they have to. That's one reason why there hasn't been a lot of work on anti-malware tools on Linux although there has been a lot of work on sandboxing and containment technologies.