The bootstrap process on EFI systems

Yeah, nothing we've hit has been a strong security issue - there's been a couple of denial of service cases, but nothing that allowed arbitrary code. There *have* been issues in some firmware implementations that permitted arbitrary code to be executed, and some of those could be used to circumvent Secure Boot on some platforms. Software is hard.