It depends on what stage of the boot loading or fresh new installation point you are on in the BIOS.

From what I am reading, it seems you are only at the 'reboot and select proper boot devices' screen. This is typically a BIOS screen that is part of the BIOS, which is typically located in the small boot partition or a BIOS flash chip. The BIOS on many modern day computers, especially those that are designed to come with Windows 10, is usually called UEFI and is different from the BIOS of the past. From an external memory interface like a USB, the UEFI can be infected, although the likelihood of that happening depends on where the USB came from and where the image of the OS on the USB came from. As long as the first two came from legitimate means of obtaining, I do not think there is any need to panic.

Modern day computers also have a TPM chip on the motherboard. The TPM is an embedded chip on a computer that has a purpose of security, where everything is signed via an RSA key that is not accessible and is only stored inside the TPM module. Any changes done to the system firmware that cause the signature to be altered will cause the TPM module to stop the computer. If TPM is already activated on the system, then any attempt to infect the UEFI would be useless as the computer will not be able to start.