Most device manufacturers can extend the functionality of the BIOS with UEFI (Unified Extensible Firmware Interface) but that leaves devices open to malware attacks at the lowest level. Maybe an example of the smarter we make things, the more opportunity there is for them to go wrong.
As Steve Gibson reports in the Security Now show notes (page 3) for episode 868 https://www.grc.com/sn/sn-868-notes.pdf Lenovo has admitted that development code made it into production.
So if you have Lenovo devices, please check if there are any firmware updates available. Do check with whoever provide your IT support before installing them, though.