I think UEFI has many problems. However, you should not confuse separate (but related) issues with each other. If the initial booting functions can be altered by the operating system, that is a different issue (which perhaps UEFI makes more severe). An internal hardware switch to disable this function would be helpful, and possibly a software function that the BIOS disables once the system starts (so it can only be altered by the BIOS setting menu, or by a BASIC or Forth in ROM or something like that). Functions being restricted by internal hardware switches would improve security, especially if the initial booting functions are also made less complicated; if you are paranoid then you could also use glitter or whatever to detect hardware tampering.
> An internal hardware switch to disable this function would be helpful
For desktops and mobos, maybe. Gonna be hard to make that work for laptops and phones.
But generally I'm in agreement. By the time I'm booting into and using the system the BIOS is no longer a discussion point; if I need to update it then I need to shut it down and get under the hood.