You can remove the current infection if there IS one present, but that doesn't prevent the same from ever happening.
You are incorrect on that front, is all I can say at the moment.
No, it's that you don't understand that every BIOS is supposed to have a key anyway. that's how a flasher knows a BIOS isn't for a particular board in the first place. You wouldn't be doing anything but the exact same thing.
I bypass those keys all the time (those that actually are uh, implemented).
They aren't "keys." They are bloody file hashes at best.
that's how a flasher knows a BIOS isn't for a particular board in the first place.
Nope. It's a bloody string in the DMI fields, at least in Aptio V, which is what most boards today use.
To be exact, it is this string:
Every BIOS is signed and that signature is checked. That's part of what UEFI offers in the first place.
Oh god. You don't really believe that, do you?
Go play with an EVGA bios for 5 minutes (no sig check at all). Or a gigabyte. Their sigcheck is literally a BOOLEAN FLAG.
To find a gigabyte sig check, you open the bios with a hex editor. You search for the string "$BDR." You will see your board name. After that, a long hexadecimal string of zeroes. The boolean flag that says whether all is well or not is literally the second "01" after the long line of zeroes.