How would I test that? I suppose that I could set up a VM to boot from an HDD, and then see if I can flash the HDD's firmware.
If this firmware trojan is EFI-based:

For PCI-based devices, use an Intel Tunnel Mountain box, an EFI dev box. You can install a debug version of the firmware with symbols or full source-level debug info, and debug it with a second machine using GDB or WinDbg.
http://tunnelmountain.net/

For USB-based devices, use an Intel Minnowboard MAX, a low-end dev board for 'hobbyists'/'hackers' for Yocto and UEFI. Much cheaper than the Tunnel Mtn box.
http://www.minnowboard.org/

Consider trying to use QEMU to test virtual drivers for native passthru. QEMU has the best diagnostic options for UEFI; it is the UEFI Forum's main virtualization option for EFI dev. You can build the same kind of debug firmware image for QEMU (called OVMF) as with a live box. VirtualBox has some EFI support, especially when you build it with custom flags and set some environment variables. But AFAIK, VirtualBox's EFI support is less powerful than QEMU's.
http://www.tianocore.org/ovmf/

If the malware vendor provided ARM OpROMs in addition to Intel ones, use one of Linaro's target ARM dev boards. They have a fork of TianoCore EFI for each of these boards, and you can use that OVMF with QEMU as well.
https://wiki.linaro.org/LEG/Engineering/Kernel/UEFI