hypothetically, if firmware is said to be compromised, I can just reinstall it even if I am on the newest version already?
Well if the firmware has installed a trojan, no. In that case, get yourself an installation device installed on a clean system, and reformat all over. This however works only of EFI/UEFI/BIOS has not been breached.
get yourself an installation device installed on a clean system, and reformat all over.
done
help me think this through a bit more, what am I doing in this case?
and can I generally just run the bios updater again for fun, even if on the newest version? (hypothetically)
Load defaults in CMOS/EFI/BIOS setup, and re-apply a BIOS update from external clean USB.
You have to delete all existing entries in the UEFI tables → Check: efibootmgr under linux.
Wait you weren’t just trolling?
I’m usually always half-joking and half serious, I’ll let you decide which was which xD
I also read that wifi cards can launch “Option-ROM” in UEFI even while turned off, and buying cards from uncertified vendors from Amazon where it launched my laptop on its own might’ve done that… rather be safe than sry.
https://www.reddit.com/r/intel/comments/x6s13c/can_a_pcie_wifi_card_contain_malicious_software/
There are lots of ways a malicious pcie device could mess with your system, if you are using secureboot option roms aren’t really one of them though.
You also gotta check if someone put something evil onto your ssd, that’s on the pcie bus too XD