option ROMs are not quote "security features" they are more like legacy x86 thing which if they get corrupted (e.g. modified by malware) would be a complete security nightmare of having malware in a way which can access most things and can't be detected at all (slightly oversimplified).
Because of this validating option ROMs is _very_ important to a point some would argue it's more important then validating that e.g. your Linux kernel has not been modified
Honestly option ROMs IMHO should not exist in the way they do (for security reasons), but they outdate secure boot by quite a bit and like many of this "old legacy features a lot of things depend on" are just really hard to get right of.
Through without question the design this ended up with has a terrible UX.
But most laptops with a reasonable EFI implementation and no dedicated graphics card do luckily not have option ROMs (through their firmware update tool might have something similar, but you can just not use it).
Because of this validating option ROMs is _very_ important to a point some would argue it's more important then validating that e.g. your Linux kernel has not been modified
Honestly option ROMs IMHO should not exist in the way they do (for security reasons), but they outdate secure boot by quite a bit and like many of this "old legacy features a lot of things depend on" are just really hard to get right of.
Through without question the design this ended up with has a terrible UX.
But most laptops with a reasonable EFI implementation and no dedicated graphics card do luckily not have option ROMs (through their firmware update tool might have something similar, but you can just not use it).
reply