Изенька, в Арче(Федоре и др.) недавно нашли суровую уязвимость xz архиватора lzma, из-за взлома Игоря Павлова путём социальной инженерии, "-Где новые правки?", ну и он поправил на свою голову🤣, а обновлять биос можно и из под линукс))
xz backdoor was targeting specifically OpenSSH on systems where it was patched and linked with libsystemd.so, wich internally links with liblzma. Archlinux did not patched OpenSSH, unlike Fedora, RedHat and Ubuntu I think, so it was not affected by this. And as soon as this attack was disclosed, Archlinux changed package and released it without this backdoor in build system.