Full replacement, I would have thought all the system files would be held on a SSD or similar.

Therefore is the device is compromised then all should need to happen is replace the drive with a new image, unless somehow the vulnerability is in the hardware…

