[120391583]

It's a very real and terrifying threat. A standard PC has numerous components with their own firmware that can potentially be flashed. Some of those components may have integrity checking schemes that are supposed to ensure only vendor-signed code can be flashed or executed, but don't rely on those measures actually working as intended (and not being exploitable themselves). Hardware vendors are notoriously bad at this.

This is one of the reasons I'm so enthusiastic about the T2 and M1: a hardware root of trust designed by a competent vendor. (Yes, there is a flaw in the T2, but it requires physical access to exploit.) In my opinion, those are the only trustworthy desktops or laptops on the market right now. You'll notice AWS (Nitro) and Google (Titan) also have their own proprietary hardware security chips for the same reason.