There are millions of lines of code in a bios supported by billions of transistors. A wireless component can fit inside any innocuous chip at any part.
Software wise, the bios can contain many flaws that can be exposed via peripherals, remotely, etc. The certificates are kept secure by unknowns parties protected by algorithms that few can prove the validity of.
A physical attack access is rarer (* from sophisticated attackers). Sophisticated/dominant attackers leverage low end attackers to do the actual physical attack. Identification and knowledge of such an attacker greatly diminishes that attacker's capability and credibility. Low end attackers are also resources.
Remote attacks do exist. One of the common attack frameworks is a type of radar attack that exploit bugs in the hardware design. They work like RFID where some component has an exploit that can be activated remotely by radar. Defending against such attacks is quite difficult. Other attacks include errors in manufacturing. Not all chips come out of the oven equal, and a sophisticated attacker need not risk physical detection when they are capable of deducing the how to exploit those errors.
Software wise, the bios can contain many flaws that can be exposed via peripherals, remotely, etc. The certificates are kept secure by unknowns parties protected by algorithms that few can prove the validity of.
A physical attack access is rarer (* from sophisticated attackers). Sophisticated/dominant attackers leverage low end attackers to do the actual physical attack. Identification and knowledge of such an attacker greatly diminishes that attacker's capability and credibility. Low end attackers are also resources.
Remote attacks do exist. One of the common attack frameworks is a type of radar attack that exploit bugs in the hardware design. They work like RFID where some component has an exploit that can be activated remotely by radar. Defending against such attacks is quite difficult. Other attacks include errors in manufacturing. Not all chips come out of the oven equal, and a sophisticated attacker need not risk physical detection when they are capable of deducing the how to exploit those errors.