@hackernews@die-partei.social

How can this be prevented?
When attempting to model this particular threat, it is important to keep in mind that this requires complete physical access for possibly a minimum of a few hours. Additionally, the use of full disk encryption (with a Passphrase and TPM) would prevent an attacker from obtaining data from the laptop’s drive.

In order to increase the difficulty of this type of attack, manufacturers could include the BIOS and EEPROM packages into one Surface Mount Device (SMD). This would require performing a chip-off attack to intercept the same communications. Some motherboard manufacturers already use this process, either on purpose or unintentionally, for modern or higher-end systems.