Do you have got a system with uefi support? I have got 2 now and i really like it, you can get rid of grub, now i even know that you can boot with an initrd - you can specify that via efibootmgr like this:
As you see this example is not just using a single drive but an intel raid (raid 0 with 2x200 gb for testing) via mdadm and it works. With kernel 3.5 there is a problem that you can not use rdev anymore to force the root partition. So the minimal entry without initrd (you can not use uuid without) is now like this:
efibootmgr -c -d /dev/md126 -p 1 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 GFX' -u 'initrd=EFI\KANOTIX\initrd.img root=/dev/md126p4 rw gfx=on quiet splash'
Of course you can use grub 2 too, but i experienced problems with grub 1.99, which is still in debian. It was not possible to install grub 1.99 onto my raid0. Then i compiled grub2 bzr (will be grub 2.00 later) and it worked, but basically you dont need grub at all. You can directly copy a kernel with efi stub support and if needed an initrd to a primary fat partition (if you use mbr) or just any fat partition (if you use gpt) and use efibootmgr to add a menu entry for the integrated boot selection menu in the uefi setup. This is a very tricky way to get dual boot when you have got a win 7/8 uefi install onto the same hd. You can of course reuse the efi partition which is already there, but it is pretty small if win 7 was installed. I had size problems when i compiled a custom kernel until i disabled debugging, the partition is only 100 mb in that case.
efibootmgr -c -d /dev/sda -p 3 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 Pure' -u 'root=/dev/sda2'
Of course using uefi to boot does not enhance security - you can not change boot options until you change the boot manager entry but you can often run the efishell even from external usb storage devices - for debugging i would even add it to the efi partition. The fat partition is certainly unprotected as it can not be encrypted. Basically even if it would be possible to use secure booting for Linux i do not think it will enhance security at all. Not even for win (until you use encryption maybe) - when you think about it it will be clear. You can at least boot official ms boot media with win8, but that allows you to use a console (shift-f10). A console is enough to manipulate files on the hd and therefore you could change whatever you like or just copy what you want without removing the hd from the system (and without any valid login). I dont think that it matters if the live media used is Linux or win based...