Yes. Both modern intel and AMD CPUs require a signed firmware on boot, and there's no way to adjust these keys. This basically kills any attempt to keep the boot process open (but doesn't completely stop attackers because the signed firmware is vulnerable to a variety of attacks).