Hurray for a vendor for checking the security of the hardware, and rejecting it for not being secure. If you are a big enough vendor, demand the output of CHIPSEC’s security tests and FWTS’s test results, before you buy it. If CHIPSEC is failing, do not buy it. This is the only way some OEMs will learn to build secure systems. Unfortunately, no end user consumer has this ability. Large enterprises do, and I wish more would be doing it, and demanding the results be public. OEMs which build secure systems should be proactively showing their test results, so that savvy customers will realize this huge market advantage over competitors.
I wonder what kind of incident this was, firmware malware or something else???