Jules Richardson wrote
Rod Speed wrote
Tim Watts wrote
The Natural Philosopher wrote

exactly, An undetectable change that results in no detectable
activity by anyone in the whole universe is not a security risk.

You may have a "potentially detectable" change, but for any
practical detection mechanism, I feel fairly safe in asserting
that it could potentially be hacked so as not to leave a trace
*detectable by the detection mechanism".

Doesnt matter if you are fairly certain or not, there are obvious
examples where that isnt possible. Most obviously with a full
restore from image using a machine that isnt even net accessible.

Technically, is it possible to re-flash a PC's BIOS from a
binary running with sufficient permissions under the host OS,

Not with a system that has a jumper that has to be in a particular
position before that can happen, and obviously if you are paranoid
about that being done malicioiusly, you would only use one of those.

And its perfectly possible to keep a hash of that anyway,
so you can always detect when that has happened.

such that malicious code could potentially run undetected
following reboot, regardless of whether hard disk contents
were restored from an image on another system?

I've never heard of it happening, but I'm curious whether it could in theory be done.

Yes, its certainly possible but very easy to protect against
and monitor if thats happened so it wont go undetected.