Back to the old laptop for me...
I have an old ThinkPad T400 that I installed coreboot and OpenBSD on. Seems to be the only way of remaining safe from security holes like these...
I hate how much crap is being crammed into chips like these nowadays; I worked on a machine the other day that had a web browser built into UEFI. A BIOS isn't supposed to do much other than:
1) Read some registers from peripherals to build a table the OS can understand
2) Write some values to peripherals to change behavior (RTC config, base memory locations, etc.)
3) Copy boot code from the boot device to the memory and set the CPU to kick off from there (and set a register so the boot code knows where it came from and the base address to get the next piece).
I wouldn't mind BIOS / UEFI being so large if it had a Unix-like environment that provided fdisk, fsck, a TCP/IP stack, wget, dmesg, and the ability to modify BIOS settings (such as boot order, port configurations, change timing parameters, etc.), and maybe a utility that would allow enabling/disabling all PCI/PCIe and USB devices in the system.
The OpenBSD ramdisk / install image can do almost all of that with just 7.5 MB; I've seen UEFI chips 128-256 MB in size, more than enough to support such an environment.