Unless you're arguing for something new and different, the only other option you have to UEFI secure boot, is completely unverified boot which provides zero security.

And that has to be less secure than UEFI by definition.

In that regard arguing about how UEFI brings attack surface seems misguided. Yes, there's is an attack surface, but that's only because now there is something to attack where there previously was a fully open door.

What you're saying is pretty much that any imperfect security measure lessons security compared to no measure at all, because it brings attack surface. That's a fairly backwards way of thinking.