In many of these cases, however, it’s still possible to run a software tool freely available from the IBV or device vendor website that reflashes the firmware from the OS. To pass security checks, the tool installs the same cryptographically signed UEFI firmware already in use, with only the logo image, which doesn’t require a valid digital signature, changed.
This is also my understanding, at least of you keep the EFI partition.
It can outlast those too.
Boy do I love the future.
It’s reminiscent of boot sector viruses in the DOS days.