Far too many security architects forget about this sort of thing. They model for the most extreme and least likely threat first, without really considering the victim in their threat model, and will throw away a security measure if it doesn’t happen to suit that extreme case.
The better approach to me, and the one I try to take, is to start with the more likely threats that impact the most people, resolve those, and then work toward the extreme threats.
A great example of this kind of thinking is folks who focus on and worry about 0-day defenses, but don’t have a patch management system in place so they can efficiently patch 20-day-old bugs.
Applied to PureBoot, it means we focus first on the threat from a remote attacker installing a kernel rootkit and possibly attempting to persist that root kit through a modified BIOS. That’s a far more likely attack that would impact a far larger group of users, than an advanced Evil Maid cold boot attack. Along the way though, if we design our measures well, we can start to nibble away at those advanced Evil Maid attacks and make them impossible or at least impractical.
With the right approach you are more likely to come up with security measures that protect the average person from the threats that they are most likely to face, and do it in a way the user may actually use, instead of disable. If you start with the spy threats, you end up with high security measures the average person will just disable.