[freakshot]

>Can I ever trust the hardware again?

I never heard of malware soldering hardware implants onto the device ^^

For firmware you need to dump it and then compare afterwards.

>I don’t think we’re at a point where a firmware compromised graphics card can’t reinfect the processor?

Nation state based firmware attacks exists since at least a decade. Some professional hacking teams are also already making use of those. You can find POCs, publications, talks, blogposts for probably everything which has flashable firmware. These attacks are very real. Only reasons you don't find that stuff in the wild is because no one is looking for it, your average antivirus won't detect it and it's used mostly for targeted attacks where you need advanced persistence/stealth and early compromise of the OS. Firmware security is a mess. USB, HDD, GPU in particular. Even for all the UEFI verified/secure/whatever boot where at least some more mitigations are in place, holes get found once in a while. Just a while ago had an attacker pwn through a standard qemu/kvm setup trying to flash the BIOS. Wasn't that successful with flashing though ... because muh mitigations. You either need to check or keep the firmware read only.