Re: Standard Operating Procedure
completely replace all the installed software/firmware
How exactly do you propose replacing the firmware on your AMD/Intel PC? Because on those platforms, all firmware updates take the form of asking the preinstalled (opaque, cryptographically locked) firmware to please update itself with this new (opaque, cryptographically locked) file. A malicious firmware would just ignore that request or conveniently copy the malware over to the new firmware.
Unless you mean "take the entire machine apart, voiding the entire hardware warranty, and get out your Raspberry Pi for some firmware writing action"? Your average beancounter in your average corporation would go into an apoplectic fit just at the first suggestion, and the result probably won't work very well considering the OEM writes some fairly important machine specific data to parts of the stock firmware.
And when the firmware itself tries to install crapware (Superfish anyone?) repaving the OS won't help one bit, even if Microsoft allows you to do so without the OEM bundled crap or paying for another license.
And no, I don't use big box (i.e. Dell, Lenovo, etc.) PCs, or Windows, nor does my employer. For these reasons and others. And they do verify firmware, but insist on buying PCs and laptops with open source code to the firmware. It's a bit of a different situation.
Don't trust the vendor, don't buy their hardware. That advice holds regardless of whether the source is open or closed, but open source helps one trust the vendor more.