Depending on the implementation, kinda, but maybe not in the way you are thinking.
More generally, when you get down to the bottom of the pile of elephants, you are requesting some software currently running on your computer to write some bits to some kind of storage medium.
But there is no law of physics that says the software must to do as you ask! If the software is malicious, it can refuse. It could even pretend that it updated the bits but not actually do so.
"Oh, but I booted into $OTHER_PROGRAM and it writes the bits!"
Maybe. But how do you know that the boot loader faithfully loaded it? You don't. Maybe the boot loader is malicious and patches your firmware updater so that it won't actually write new firmware.
If you squint and tilt your head, it kinda looks like Ken Thompson's "Reflections on Trusting Trust".
More generally, when you get down to the bottom of the pile of elephants, you are requesting some software currently running on your computer to write some bits to some kind of storage medium.
But there is no law of physics that says the software must to do as you ask! If the software is malicious, it can refuse. It could even pretend that it updated the bits but not actually do so.
"Oh, but I booted into $OTHER_PROGRAM and it writes the bits!"
Maybe. But how do you know that the boot loader faithfully loaded it? You don't. Maybe the boot loader is malicious and patches your firmware updater so that it won't actually write new firmware.
If you squint and tilt your head, it kinda looks like Ken Thompson's "Reflections on Trusting Trust".