said by OZO: For example, 20 years ago I already had computers, that offered secure boot by protecting MBR.
Which won't protect at all against something that (unknown to the system owner) overwrites the OS kernel file while running as root.
The only solutions I'm aware of to changing critical system files are:
(a) a return to
disk drives with write-protect buttons, which requires an OS file system structure that never mixes writeable files with critical readonly-except-for-sanctioned-updates files.
(b) protecting the chain of control with crypto; which in turn leads to a key-handling problem [the MS solution to which is what I suppose most people are really objecting to]
It's locks computer to specific OS and doesn't allow to boot any other OS's,
You're misrepresenting the true situation here. The mechanism does not distinguish between specific operating systems. It restrict booting to OSes signed with a known key.
You surely know this, so I think this must be FUD.