[fsflover]

The main difference is that the user owns the root of trust and doesn't have to blindly trust a (buggy) proprietary software from a commercial company. Also, the community review.

[JCattheATM]

You could still have that with UEFI though.

[fsflover]

But not with Secure Boot AFAIK.

[JCattheATM]

Well, yeah, you could, that was the point of my comment.

Coreboot supports secure boot, so why isn't that sufficient?

[fsflover]

Secure Boot is closed and not auditable.

[JCattheATM]

Not so, the reference implementation is open source and incorporated into Coreboot, for a long time now.

[fsflover]

The reference implementation is not the same as knowing which code runs on "your" hardware and having all keys from "your" hardware. If you are protected by a steel door but you don't have the keys, you are not safe, you are imprisoned.