Which only worked because the existing firmware let's it.

Flashing the EEPROM doesn’t involve the firmware.

Who do you think bit bangs the EEPROM?

On some boards you can access can reconfigure GPIO pins of the chipset and bitbang SPI from the application processor (aka your normal x86_64 CPU) without firmware support.

Depending on the implementation, kinda, but maybe not in the way you are thinking.

More generally, when you get down to the bottom of the pile of elephants, you are requesting some software currently running on your computer to write some bits to some kind of storage medium.

But there is no law of physics that says the software must to do as you ask! If the software is malicious, it can refuse. It could even pretend that it updated the bits but not actually do so.

"Oh, but I booted into $OTHER_PROGRAM and it writes the bits!"

Maybe. But how do you know that the boot loader faithfully loaded it? You don't. Maybe the boot loader is malicious and patches your firmware updater so that it won't actually write new firmware.

If you squint and tilt your head, it kinda looks like Ken Thompson's "Reflections on Trusting Trust".

As I said, with literally every desktop PC I have ever owned I have updated the BIOS this way. So me, I guess.

You are not typing the bits in with your fingers.

What chip are you using to bit bang? Is that chip directly or indirectly controlled by the firmware? Usually it is.

You can lead a horse to water...

This is a design flaw in itself.

It makes it easy to brick a system.