Secure or configurable, pick one. 😦 On the Windows PC world, this shows up as UEFI with Secure Boot. On the Chrome PC world, this shows up as coreboot with Verified Boot. Mobile device vendors are also having to deal with it, as this article on XDA Developers discusses:
[…] The truth has been there for some time. The more we rely on these same devices to handle very secure data and tasks, the more we have to make sure that they’re secure. Let’s take the recent kerfuffle with Samsung. Secure boot features from Qualcomm block anything with an improper signature being run on the system, including custom recoveries, kernels and ROMs. That may be frustrating for those of you who want to do that, but we have to realize that a much larger part of the market share neither wants, needs or even expects the system to allow such a lack of security. It’s not what’s actually being done that’s the problem; it’s what is made possible by the reduced security that poses the greater risk. To further reinforce the fact that this is becoming the norm, readers only have to understand UEFI Secure Boot and how that is doing the same thing in the PC world. What does that mean for those of us who want to see open development on those mainstream devices? Just like PCs still have options that don’t require UEFI Secure Boot we will continue to see options in the world of Android that will remain open. […]
Full article:
http://www.xda-developers.com/opinion-why-end-user-devices-are-locked-down-for-security-and-why-they-have-to-be/
Firmware Security 