BIOS/UEFI exploits while running Qubes?

So I have a Thinkpad P50. Nice laptop, runs Qubes perfectly. I intended to replace the firmware on it with something open source like Coreboot, due to all these UEFI firmware exploits that are about now.

However whilst searching for a laptop that runs Qubes without problems, I forgot to check wether it can run Coreboot. Unfortunately it can’t. x)

So I’m wondering, how susceptible is my machine to firmware type attacks while running Qubes, and under what circumstances could these occur?

If I’m connected to the internet via mobile 4G/5G for example, is Qubes OS’ virtual nature and the fact that it routes all internet traffic through Tor enough to protect or atleast hide my machine?