I know all that, but you have to agree UEFI makes everybody put a lot of trust on a series of black boxes we cannot inspect. Even if we assume getting a set of signing keys requires more computing power than physically available, we cannot rely on it not being available through less compute-intensive ways.