If your system firmware has already been compromised, you cannot trust that reflashing it will bring it back to a good state. Flashing relies on assistance from the existing system firmware on modern machines.
You would have to open the machine, desolder the flash chips and re-write them in a flash programmer to get a clean slate. Or, if your adversary is very high-level, just throw the machine away, since you'll never be able to find all the places one could hide persistent malware in hardware.
Once you lose physical control of a machine, it's game over if you are concerned about hardware/firmware attacks.
Are they detached and non-writable while the primary ROM is active? I have consistently used Gigabyte boards for a decade because of the extra features that come with them, Backup BIOS being a key one — in the old days I would have to flip a jumper on the board to make the system boot from the backup, today the secondary ROM gets automatically enabled if the primary one fails to load.
I wouldn't trust the secondary flash ROM on my motherboard to protect me from APT, it's only purpose is to recover from a failed flash.
You would have to open the machine, desolder the flash chips and re-write them in a flash programmer to get a clean slate. Or, if your adversary is very high-level, just throw the machine away, since you'll never be able to find all the places one could hide persistent malware in hardware.
Once you lose physical control of a machine, it's game over if you are concerned about hardware/firmware attacks.