I've never really understood what this is supposed to do. What does it check, and why can't malware fake it out? What are the use cases for running it?

In particular it's pretty easy to build a malicious bootloader that interposes on EFI variables (like secure boot config) and reports that they contain things that they don't contain.