Those of you that own a GIGABYTE BRIX systems should definitely read this article.
It is up to the motherboard manufacturers to correctly implement the UEFI firmware and enable the appropriate protection mechanisms to prevent unauthorized modifications to the firmware. However, as seen below in figure 3, not all manufacturers will ship their systems with the protections enabled.
