Ars Technica

Researchers unpack unkillable UEFI rootkit that survives OS reinstalls

UEFI firmware images must be digitally signed, period. This will make this attack impossible. I'd say all downloadable/flashable firmware must be digitally signed. Click to expand... Aside from that ...