"I know a computer user who almost had a $300k sum stolen because his laptop was owned."
Was this unfortunate gentleman's laptop subject to unauthorised access by means of a compromised bootloader/bios? I have heard of very few exploits of that nature (but I'm not involved in supporting large numbers of machines).
I am no fan of what Microsoft is doing here, but it is an emerging threat profile and consequently some sort of boot loader signing makes sense. The exact design of course should be such that it is possible for users to update keys, however, because otherwise, once a key is compromised the whole system falls apart.
The concern is not that bootloaders/bios is compromised. It is that once the PC is compromised, the malware can load from the bootloader before the OS or antivirus can even load, and then hide itself from them completely, thus making it effectively invisible.
Think of it like a VM loader, an OS running in a VM may not even be able to find out if it's running on Linux or Windows, but the host can transparently see everything going on in the guest OS.
Was this unfortunate gentleman's laptop subject to unauthorised access by means of a compromised bootloader/bios? I have heard of very few exploits of that nature (but I'm not involved in supporting large numbers of machines).