Your UEFI secure boot mechanism may be completely useless if its trust anchor is not rooted in hardware.
Multiple Boot Stages and Chain Loading
A modern computerized system is usually booted up stage by stage, where one stage loads and executes the next. This well-known approach is called chain loading and is applied until an OS is up and running.
Chain of Trust
Each boot stage has well-defined responsibilities and on systems where secure boot is enabled, a boot stage also has to perform a signature verification check to establish a cryptographic chain of trust. A failed verification check stops the normal boot process, and a missing or improper check leads to a completely broken secure boot chain.
Purpose
Secure boot is a security control designed to ensure system integrity during boot time. It prevents users and attackers from running unauthorized code by performing cryptographic signature verification checks at every boot stage. Therefore, every piece of boot code and data must be signed by a trusted party using a secret key before deployment. Once implemented and activated, only authentic and trusted code is accepted and everything else is rejected.
Implementation Details
All secure boot implementations that I am aware of are based on a public key infrastructure. The hash value of a certificate, including the public key needed to verify signatures, is typically encoded in OTP electronic fuses during production. This region deep inside an IC chip is used as a hardware root of trust and is considered to be immutable and secure.
The fused hash value is used as an immutable trust anchor in a chain of trust. Every boot stage is then able to use it as a trusted reference value when verifying certificate chains and boot images.
Broken Secure Boot Chain
You may have asked yourself how the very first piece of boot code is verified. That is the crucial question: if the verification check at this earliest stage is not implemented properly, all subsequent checks are useless.
The cryptographic chain of trust must start in a tiny and immutable piece of silicon. On more modern systems, there are dedicated security subsystems called management engines attached to a motherboard, which perform very early and critical tasks before a bootstrap processor is allowed to be released from reset. They have their own dedicated internal secure RAM and ROM and are responsible for verifying the small bootstrap code that will be executed by the bootstrap processor.
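The following is an added illustration of the chain described in the sections above (each stage verifying the next against a hardware trust anchor, and the fused hash being used as the reference value for every stage); it is example code written for this page, not firmware from any vendor. It assumes a hypothetical fuse layout that stores only the SHA-256 of the vendor's Ed25519 root public key, and constructed byte strings stand in for the real boot images. It also shows the anchor-less check from the opening line: a verifier that trusts whatever key an image carries accepts any correctly self-signed image, while the fused hash rejects it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Errors a stage verifier can return. Any of them halts the boot.
var (
	ErrUntrustedKey = errors.New("public key hash does not match the fused root hash")
	ErrBadSignature = errors.New("image signature verification failed")
)

// Fuses models the one-time-programmable region (hypothetical layout): it holds
// only the SHA-256 of the vendor's root public key, never the key itself.
type Fuses struct{ RootKeyHash [sha256.Size]byte }

// Burn records the hash of the vendor's public key, as production would.
func Burn(root ed25519.PublicKey) Fuses { return Fuses{RootKeyHash: sha256.Sum256(root)} }

// Stage is one signed boot image: the code, the key that signed it, and the signature.
type Stage struct {
	Name    string
	Payload []byte
	PubKey  ed25519.PublicKey
	Sig     []byte
}

// NewVendorKey generates the signing key pair held by the trusted party.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignStage is the offline signing step that happens before deployment.
func SignStage(name string, payload []byte, priv ed25519.PrivateKey) Stage {
	pub := priv.Public().(ed25519.PublicKey)
	return Stage{Name: name, Payload: payload, PubKey: pub, Sig: ed25519.Sign(priv, payload)}
}

// VerifyStage is the check a stage runs on the next image before handing control
// to it. Step 1 ties the embedded key to the hardware anchor; step 2 ties the
// image to that key. The length check keeps ed25519.Verify from panicking on a
// malformed image.
func VerifyStage(f Fuses, s Stage) error {
	if len(s.PubKey) != ed25519.PublicKeySize || sha256.Sum256(s.PubKey) != f.RootKeyHash {
		return fmt.Errorf("%s: %w", s.Name, ErrUntrustedKey)
	}
	if !ed25519.Verify(s.PubKey, s.Payload, s.Sig) {
		return fmt.Errorf("%s: %w", s.Name, ErrBadSignature)
	}
	return nil
}

// VerifyStageNoAnchor is the broken pattern: it checks the signature against
// whatever key the image itself carries, so any self-signed image "verifies".
func VerifyStageNoAnchor(s Stage) error {
	if len(s.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(s.PubKey, s.Payload, s.Sig) {
		return fmt.Errorf("%s: %w", s.Name, ErrBadSignature)
	}
	return nil
}

// BootChain chain-loads the stages in order and returns the names of the ones
// that were accepted. The first failed check stops the boot.
func BootChain(f Fuses, stages []Stage) ([]string, error) {
	var booted []string
	for _, s := range stages {
		if err := VerifyStage(f, s); err != nil {
			return booted, err
		}
		booted = append(booted, s.Name)
	}
	return booted, nil
}

func main() {
	vendorPub, vendorPriv := NewVendorKey()
	fuses := Burn(vendorPub)

	// Constructed stand-ins for the real boot images.
	chain := []Stage{
		SignStage("bootloader", []byte("stage-1 code"), vendorPriv),
		SignStage("firmware", []byte("stage-2 code"), vendorPriv),
		SignStage("kernel", []byte("stage-3 code"), vendorPriv),
	}
	booted, err := BootChain(fuses, chain)
	fmt.Println("genuine chain:", booted, err)

	// An image signed with a key that is not the vendor's passes the anchor-less
	// check but is rejected as soon as the fused hash is consulted.
	_, otherPriv := NewVendorKey()
	foreign := SignStage("kernel", []byte("other code"), otherPriv)
	fmt.Println("no anchor:  ", VerifyStageNoAnchor(foreign))
	fmt.Println("with anchor:", VerifyStage(fuses, foreign))
}
```

The two-step structure of VerifyStage is the whole point: the signature check alone only proves that the image and the key it carries belong together, and it is the comparison against the fused hash that proves the key belongs to the vendor.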
Mistakes Made
📌 A vendor's boot-screen logo is read and parsed at boot by signed but vulnerable boot code. When the image file is not expected to be signed, an attacker can inject a specially crafted malicious image, which can lead to arbitrary code execution in a privileged context.
📌 A signature verification check implemented in software can be bypassed by an attacker using fault injection techniques with precise timing.