do you have any evidence to support that Tianocore is vulnerable to this type of malware (given that it doesn't support module injection/persistence, as implemented), or in any way less secure than a "traditional" payload? If not, then your warning strikes me as nothing more than FUD

On Wed, Feb 20, 2019 at 12:22 PM Ivan Ivanov <qmastery16@gmail.com> wrote:

Sorry if that's off-topic, but by using a Tianocore payload you could
be exposing yourself to the new UEFI-targeting NSA-grade malware. Of
course the coreboot is more secure when paired with more traditional
payloads. But I don't know about your setup, maybe the security is not
your primary concern...