
The firmware updates from a protected capsule so it can't be updated without a signature verification, effectively closing the loop. It's possible to add a 3rd party root of trust (TPM/etc.) to this; it's just vendor-defined whether a platform uses an additional component to validate the PK/firmware/etc. earlier in the process.


