I was talking to a friend recently and he had the Federal Office for the Protection of the Constitution visit him. And in a general discussion, they gave some advice.
Their advice was, if a computer gets compromised and it has UEFI, shred it. Don't bother trying to do a clean install, because you can never be 100% sure they haven't slipped something into the UEFI. You can't just throw out the old drives and put new ones in any more. Likewise, even updating the UEFI isn't a 100% guarantee.
Similarly, he was advised that if you are visiting certain foreign countries, you shouldn't take a laptop or phone with you, or rather just a burner phone and laptop with no sensitive information on them and throw them in the bin when you return.
And I thought I was paranoid!