I'd love to see data on what verified boot actually stops. The ideal malware implants itself at the lowest level possible. Is there good public data on these kinds of exploits on #Android #Debian #Windows #iOS etc? Does standard spyware do that? Writing to /system requires a root exploit, lots of malware never gets root. How often there are vulns in #VerifiedBoot itself. Here's a real world full #exploit of verified boot:
https://threatpost.com/multiple-vulnerabilities-found-in-nvidia-qualcomm-huawei-bootloaders/127833/