BIOS also got very large and complex, which is why there was such a need for it to be replaced. In both the case of the BIOS and the case of uEFI, it is possible to protect them from tampering, or not.
A lot of what you're saying is largely FUD, since all you're doing is listing off random uEFI features and waving your hands around while implying it is "bad" and we're all doomed. But you haven't pointed out a single reason why it is worse than BIOS, in fact BIOS is even more of a "black box" in many cases and thus was even more security through obscurity.
Several uEFI implementations have a checkbox that when unchecked will simply block all updates. If you uncheck that and enable a password, many of these persistent threats are stopped in their tracks. If you know of a specific alternative vector for installation, then contact the manufacturer as a matter of security.
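The comment above relies on a setup-menu option to block firmware updates. Whether that option (or a vendor's "password protect" setting) actually leaves the SPI flash write-protected is something you can verify yourself by reading the chipset's write-protection registers, which is what tools such as chipsec's `common.bios_wp` module do. The following is an added example, not code from any commenter, vendor or project on this page: it decodes Intel PCH `BIOS_CNTL`, `HSFS` and `PR0..PR4` register values (bit layouts from the public Intel PCH datasheets) and reports whether the BIOS region can be written from the running OS. The register offsets in PCI config space and the SPIBAR differ between chipset generations and are not handled here; the raw values would be read with chipsec or `setpci` using the offsets for your platform. All sample values and the BIOS region boundaries in the test are constructed.

```python
"""Decode Intel PCH flash write-protection registers and say whether the BIOS
region of the SPI flash is writable from a running OS.

Bit layouts (public Intel PCH datasheets):
  BIOS_CNTL : bit0 BIOSWE (write enable), bit1 BLE (lock enable: setting
              BIOSWE raises an SMI), bit5 SMM_BWP (writes only from SMM)
  HSFS      : bit15 FLOCKDN (PRx registers locked until reset)
  PRx       : bit31 WPE (write-protect enable), bits 28:16 limit,
              bits 12:0 base, both in 4 KiB units
The config-space offsets of these registers vary by chipset generation, so
the caller reads them with the right offsets (e.g. via chipsec) and passes
the raw values in. Every value used below is constructed, not captured.
"""
from dataclasses import dataclass
from typing import List, Tuple

BIOSWE = 1 << 0
BLE = 1 << 1
SMM_BWP = 1 << 5
FLOCKDN = 1 << 15
WPE = 1 << 31


@dataclass
class ProtectedRange:
    index: int
    base: int            # first byte address covered
    limit: int           # last byte address covered (inclusive)
    write_protected: bool


def decode_pr(index: int, raw: int) -> ProtectedRange:
    """Expand a raw PRx register into byte addresses."""
    base = (raw & 0x1FFF) << 12
    limit = (((raw >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(index, base, limit, bool(raw & WPE))


def pr_covers(ranges: List[ProtectedRange], base: int, limit: int) -> bool:
    """True if the write-protected PRx ranges together cover [base, limit]."""
    cur = base
    for r in sorted((r for r in ranges if r.write_protected), key=lambda r: r.base):
        if r.base > cur:
            break                       # gap before this range: not covered
        if r.limit >= cur:
            cur = r.limit + 1
        if cur > limit:
            return True
    return cur > limit


def assess(bios_cntl: int, hsfs: int, pr_raw: List[int],
           bios_base: int, bios_limit: int) -> Tuple[str, List[str]]:
    """Return ("PROTECTED" | "WEAK" | "WRITABLE", list of findings)."""
    findings: List[str] = []
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    flockdn = bool(hsfs & FLOCKDN)

    # 1. BIOS_CNTL: is the write-enable bit actually locked down?
    if bioswe:
        findings.append("BIOSWE=1: flash write cycles to the BIOS region are enabled")
        cntl_locked = False
    elif not ble:
        findings.append("BLE=0: any ring-0 code can set BIOSWE and no SMI is raised")
        cntl_locked = False
    elif smm_bwp:
        findings.append("BLE=1, SMM_BWP=1: BIOS region writable only from SMM")
        cntl_locked = True
    else:
        findings.append("BLE=1 but SMM_BWP=0: relies on the SMI handler clearing "
                        "BIOSWE again, which a second core can race")
        cntl_locked = False             # counted as WEAK below

    # 2. SPI protected ranges only count once FLOCKDN pins them until reset
    ranges = [decode_pr(i, v) for i, v in enumerate(pr_raw)]
    covered = pr_covers(ranges, bios_base, bios_limit)
    if covered and not flockdn:
        findings.append("PRx cover the BIOS region but FLOCKDN=0: software can clear them")
        covered = False
    elif covered:
        findings.append("PRx with WPE=1 cover the BIOS region and FLOCKDN=1")

    if cntl_locked or covered:
        verdict = "PROTECTED"
    elif ble and not bioswe:
        verdict = "WEAK"
    else:
        verdict = "WRITABLE"
    return verdict, findings


if __name__ == "__main__":
    # Constructed 16 MiB flash where the BIOS region is the top 11 MiB.
    region = (0x500000, 0xFFFFFF)
    for label, cntl, hsfs, prs in [
        ("update lock via SMM_BWP", 0x22, 0x0000, []),
        ("BLE only (race-prone)",   0x02, 0x0000, []),
        ("PR0 + FLOCKDN",           0x01, 0x8000, [0x8FFF0500]),
        ("nothing set",             0x00, 0x0000, []),
    ]:
        verdict, notes = assess(cntl, hsfs, prs, *region)
        print(f"{label:24s} -> {verdict}")
        for n in notes:
            print("   ", n)
```

A "WEAK" verdict is the case to watch for: the setup option may well be honoured by the firmware's own update path, while the flash itself is only guarded by `BLE` and an SMI handler, which is not the same thing as being read-only. Running this against values read with the correct offsets for your platform answers the question the comment leaves open, namely whether a "block all updates" checkbox results in hardware-enforced protection or just a different menu.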
The only reason that uEFI malware is taking off is not because uEFI is inherently more insecure, but instead because uEFI is better documented, it is easier to get reference builds, and easier for people to learn. But, again, all you've done is exchange obscurity (BIOS) for known threats (uEFI). Either way an expert monied adversary (e.g. state security services) could launch an attack.
Systems with UEFI are more likely to also support virtual machines at the CPU level, which makes it much easier to transparently slip in a layer under everything else.