The Security of Secure Boot
This topic is closed.
Pan-Galactic Quordlepleen
So Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
As usual, Matt's right on the money.
The only thing I'd quibble with him about is his position on the need for secure boot, which he described in a post written one week later. Secure boot involves an awful lot of (currently) brittle plumbing that has to be hooked together in just the right fashion. My infosec work and research haven't revealed a threat level large enough to justify the development and maintenance expense of secure boot configuration. I will continue to recommend that people should disable the feature in the firmware.
I'm not that technically proficient, but I've already decided that if I were to have a UEFI/EFI Secure Boot-enabled PC, or more likely motherboard, the first thing I'd do is disable Secure Boot. Just on 'General Principles'.
GigaByte GA-965G-DS3, Core2Duo at 2.1 GHz, 4 GB RAM, ASUS DRW-24B1ST, LiteOn iHAS 324 A, NVIDIA 7300 GS, 500 GB and 80 GB WD HDD
Pan-Galactic Quordlepleen
So Long, and Thanks for All the Fish
UEFI is good. You can't really disable it anyway, although you can sometimes run it in "BIOS compatibility mode."
Secure Boot (a UEFI feature) is not so good. That's the thing to disable.
Yes, I have read some stuff concerning CoreBoot and the practical impossibility of using it on a UEFI system. I'm not going to pretend I know very much about it, but I've used flash software for modifying DVD burners. All the work was done by others writing the firmware that was flashed. But I also never bricked one either.
I've also had to (back in my Floppy days) flash my motherboard. That was interesting because the board had to be flashed with the original firmware first. And it had to be flashed with the second version before it would take the latest (4th) version. This was before Windows flashers were around I think. May have just been they weren't reliable. I can't remember. Getting old/er by the minute.
GigaByte GA-965G-DS3, Core2Duo at 2.1 GHz, 4 GB RAM, ASUS DRW-24B1ST, LiteOn iHAS 324 A, NVIDIA 7300 GS, 500 GB and 80 GB WD HDD