by wmf 551 days ago
Intel/AMD/Apple have put a decent amount of work into protecting boot and EC firmware but all the other stuff is probably totally insecure. Any code running in kernel mode could flash a lot of different firmware. Note that built-in devices probably have their firmware bundled into the main boot firmware so they may be protected.

Just because something is possible doesn't mean it's likely that an attacker would burn a 0-day against you though.

2 comments

I asked about 0-day because I don't think anyone would use that on me. So if I know that it can only be done with a 0-day then I would practically be secure.

The first paragraph you made doesn't sound so convincing though, with mostly "probably" and no source or explanation other than Intel has put a lot of effort into protecting the boot ROM and EC. If you or someone could elaborate further that would be great.