> attacking the hardware or firmware is hard while attacking the > bootloader is easy
Until software is abused in unintended ways to give access to firmware. Remember a computer virus that bricked many main boards in the late 90ties and the response and solution the industry provided to that? CIH (computer virus) [https://en.wikipedia.org/wiki/CIH_(computer_virus)] I think you made a key point here: what is within reach to an adversary remotely is much more critical than local access exploits. To conclude: access and applicability of the respective attack that stays undetected. > So if it's easy to do and the inconvenience is acceptable, it provides > protection which is in some cases unnecessary and in some insufficient > but is neither in all. I've met no inconvenience applying OpenBSD measures so far, makes all the difference. I abandoned some other slightly inconvenient choices.
