@niggy
>it's designed to be electronically incapable of running unsigned UEFI firmware (Intel Boot Guard)
Aside from that, the wiring layout and hardware were designed by codemonkeys as well, so state-level actors and decently skilled malware writers can bypass Intel Boot Guard (resulting in the only guarding being against your computer booting with free software).
>These protections aren't 100% perfect but they do seriously work and make attackers' lives so much harder, often just not worth the effort
They don't work at all against determined attackers - although attackers may go after easier targets first instead or take a bit longer - so no real security gains have been realized.
>even NSA's SMEs were affected by storage drives starting to secure vendor-commands/firmware around that time, it fucked them up
Maybe the NSA was stopped from trivially being able to install their own storage drive software, but all that would do is either make them attack something else, or even make them write more advanced infection software (they obviously added more self-hiding features this time after reading the wiki page as well).
>if vendors allowed installing custom UEFI firmware we'd have ransomware campaigns except granny would have to throw out her physical hardware instead of just reinstalling windows
That's what they want you to believe, but it's not the truth.
Despite all the computers with BIOSes without digital handcuffs that are still being used, I haven't heard of any large BIOS ransomware campaigns that infect such computers - it's almost like such ransomware attackers are mostly incompetent and wish to make a quick profit off people who run whatever arbitrary .exe and don't make backups.
Attackers that are more skilled and are willing to play the long game are likely going to be able to bypass Intel Boot Guard just fine - but really they can make more profit doing other things than ransomware with those skills, so they do those other things instead.
I've mentioned multiple ways vendors could allow users to install custom software without "endangering" such a hypothetical granny, as granny isn't going to be uploading her own encryption keys or shorting 2 pads unless she knows what she's doing.
Windows is arguably a sort of ransomware, so reinstalling it would be how to maintain a persistent infection with no BIOS rootkits required - but most people won't be able to figure out how to install Windows, let alone granny.
As for the throwing out hardware part, unless something extremely proprietary has been done by hardware manufacturers, just flashing the BIOS chip and any devices with microprocessors and storage (e.g. HDDs) with an external programmer will remove any infection - but of course hardware manufacturers won't tell you how to do that, as it seems they have proprietary interests in ensuring that their malware stays installed instead of being replaced.
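The last paragraph describes reflashing the SPI chip with an external programmer. The check a practitioner wants around that step is a region-wise comparison: read the chip (for example a `flashrom -r` dump through the programmer), diff it against a known-good vendor image before writing, and diff the read-back against what you wrote afterwards. A byte-for-byte hash mismatch alone is not useful, because the NVRAM/variable store legitimately changes between boots; what matters is whether the non-volatile regions differ. The script below is an added example written for this reply, not code from the original post or from any vendor; the 1 MiB region layout, the volatile-region list and the two sample images are constructed for illustration, and a real board's layout comes from its flash descriptor, not from these numbers.

```python
# Added example (not from the original post): region-wise comparison of two raw
# SPI flash images, e.g. a chip read taken with an external programmer versus a
# known-good vendor image. SAMPLE_LAYOUT and the sample images are constructed
# for illustration; a real board's region table comes from its flash descriptor.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    name: str
    start: int   # inclusive byte offset
    end: int     # exclusive byte offset


# Constructed 1 MiB layout. On a real descriptor-based image the descriptor,
# ME and BIOS regions come from the IFD; the variable store lives inside the
# BIOS region and is expected to change from boot to boot.
SAMPLE_LAYOUT = [
    Region("descriptor", 0x000000, 0x001000),
    Region("me",         0x001000, 0x080000),
    Region("nvram",      0x080000, 0x0A0000),
    Region("bios",       0x0A0000, 0x100000),
]

# Regions whose contents legitimately drift (variable store, event logs).
# A difference there is noise; a difference anywhere else is not.
VOLATILE_REGIONS = {"nvram"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_ranges(a: bytes, b: bytes, block: int = 4096) -> list[tuple[int, int]]:
    """Return merged (start, end) byte ranges of block-sized chunks that differ.

    Chunk size defaults to the 4 KiB erase block most SPI flash parts use, so
    the ranges line up with what a programmer would actually rewrite.
    """
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    ranges: list[tuple[int, int]] = []
    for off in range(0, len(a), block):
        if a[off:off + block] != b[off:off + block]:
            end = min(off + block, len(a))
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)      # extend adjacent range
            else:
                ranges.append((off, end))
    return ranges


def region_end(offset: int, layout: list[Region], limit: int) -> int:
    """End of the region containing offset, or the start of the next mapped
    region if offset is unmapped, capped at limit."""
    for r in layout:
        if r.start <= offset < r.end:
            return min(r.end, limit)
    return min([r.start for r in layout if r.start > offset] + [limit])


def region_for(offset: int, layout: list[Region]) -> str:
    for r in layout:
        if r.start <= offset < r.end:
            return r.name
    return "unmapped"


def compare_images(dump: bytes, golden: bytes, layout: list[Region],
                   block: int = 4096) -> dict[str, list[tuple[int, int]]]:
    """Group differing ranges by region name; a range that straddles a region
    boundary is split there so each piece is attributed to the right region."""
    result: dict[str, list[tuple[int, int]]] = {}
    for start, end in differing_ranges(dump, golden, block):
        cur = start
        while cur < end:
            piece_end = region_end(cur, layout, end)
            result.setdefault(region_for(cur, layout), []).append((cur, piece_end))
            cur = piece_end
    return result


def suspicious_regions(diff: dict[str, list[tuple[int, int]]]) -> list[str]:
    """Non-volatile regions that differ from the golden image, i.e. the ones a
    reflash is supposed to clean (or that a read-back shows were not cleaned)."""
    return sorted(name for name in diff if name not in VOLATILE_REGIONS)


def build_samples() -> tuple[bytes, bytes]:
    """Constructed images: golden is a deterministic filler pattern; the dump is
    the same image with a changed NVRAM variable (benign drift) and one patched
    byte in the BIOS region (what the reflash must remove)."""
    golden = bytes(range(256)) * (0x100000 // 256)
    dump = bytearray(golden)
    dump[0x081000:0x081004] = b"\x01\x00\x00\x00"   # NVRAM: boot counter bumped
    dump[0x0C0000] ^= 0xFF                          # BIOS: one byte modified
    return bytes(dump), golden


if __name__ == "__main__":
    dump, golden = build_samples()
    print("dump   sha256:", sha256_hex(dump))
    print("golden sha256:", sha256_hex(golden))
    diff = compare_images(dump, golden, SAMPLE_LAYOUT)
    for name, ranges in diff.items():
        print(f"{name:10s}", ", ".join(f"0x{s:06x}-0x{e:06x}" for s, e in ranges))
    print("needs reflash:", suspicious_regions(diff) or "no")
```

Run the same comparison twice: dump versus vendor image before writing, to see whether anything outside the variable store was touched, and read-back versus the image you wrote afterwards, to confirm the programmer actually replaced it. Two consecutive reads that differ from each other point at a flaky programmer connection rather than at the chip contents.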