Librem 14 Malware Removal Tool

No, not for me. It always comes down to deciding what your threat model is, which determines what measures you need to take to reasonably protect yourself. Weigh the risk against the cost of the actions being considered.

It’s still the same sort of attack we’re considering:

  • delivering malware to Windows (the vectors you mentioned are valid, but I don’t think they impact the analysis here much)
  • the malware understands coreboot firmware and the hardware enough to infect the firmware
  • the malware is capable of fooling software into thinking it has flashed the firmware, while still remaining resident

The risk depends on your threats, but is reduced by the complexity of the attack. You need to weigh this against the costs of actions to defend against such a threat. Here, we’re mainly debating between a software firmware flash and a hardware flash. The hardware flash will probably cost you a fair amount of time if you have never done it before, possibly some anxiety if you have trouble getting it right or aren’t sure whether it worked, and a bit of money for the hardware probably (not that much though).

Software flash is just this: Files · master · firmware / utility · GitLab

My impression is that the complexity of this attack, given your risk, probably does not outweigh the cost to hardware flash, but it’s up to you to decide. Whichever way you decide, I’m happy to help (if you want to go the hardware flash route and need help there, might be best to make another thread for that topic).

100%, could not agree more.
