Okay, so then you need to know the environment, which leads us to secure boot. It isn't perfect, but it is better than nothing.

So don't do secure boot at all rather than saying "when one step in the boot chain is compromised that can compromise all later steps"? How is that a better security model?

Giving up is certainly an option, but it is not the preferred option for some people (myself included). A partial option is definitely better than giving up, as long as it is well understood.

In this scenario, people who are ready to give up can simply stop updating their software, which will solve their issue. YMMV of course.