Re: It isn't clear whether the 5S are newer are vulnerable to FBiOS
All ARM designs have an internal rom that is used to verify and validate the boot... and maintain the "security features".
And short of grinding off the processor chip cover, you CAN'T replace it.
The only thing you can do is replace flash chip holding the client OS... but that won't bypass the security features.
BTW, one of the other requirements is not to modify the flash... otherwise the chain of evidence will have been damaged.