Never forget that “normal users” can be frightened by text 
(to some it also seems cheap).
Best part is, the logos at least 12th gen shows anywhere are png. But the base BIOS seems to be a very unified build from Insyde that includes all the parsers for all formats. Number one way to be more security conscious would be to only enable / add the code for the formats actually used. It’s modular after all. The AMD FW13 also had a PXE exploit listed (with FW stating they were unsure if it could be exploited, seeing as the FW does not support PXE booting anyway. Also an issue I do not think was fixed for 12th gen yet).
That just tells you that Insyde is not being defensive in there development at all. Just throwing tons of unused code in there, when they have proven that its not secure and they seem to not even test for robustness, even after the issues were publicized.
4 Likes