tl;dr (as far as I understand): an attacker with access to your machine can hijack your motherboard firmware and use it to invisibly gain total control over any software and hardware running on your computer. to be clear, what's being targeted is the code running on the motherboard itself, not operating system drivers. once a machine is successfully infected, the damage is basically irreversible.
I have heard (but can't confirm) that disabling your UEFI splash screen preemptively can protect you from this, as the attack specifically targets that. worth a shot, I always hated those anyways. most motherboards will also have a setting that blocks the OS from updating the firmware, so go ahead and enable that too I guess?
one super fun implication of this is that if your motherboard is infected, you have to throw it away unless you can reprogram the flash chip that the UEFI is stored on by hand. any other hardware with reprogrammable firmware connected to an infected motherboard can also potentially be infected, and should be treated with the same prejudice. this would include your CPU, GPU, and potentially some or all of your storage devices.
this whole situation could probably have been avoided if motherboard firmware vendors (read: AMI) did the right, sensible thing and released their software under an open source licence. this could have been dealt with before it became a problem yeeeeeears ago. public auditing fucking works! it's been working! let security researchers poke around in your shit, they'll do it for free. oh well. nobody important will learn anything from this.
letting the OS install motherboard firmware updates was probably also a really bad idea. like come on now. asking for trouble.
