@vaurora

For starters, use Linux.

I just installed Trixie on a new laptop. I wiped the drive. Never let Windows 11 ever see daylight.

Apparently, the only way to update the BIOS is to use Windows. Not happening. The BIOS is good enough to boot Linux as is.

Interestingly, I tried Bookworm, but it had issues with graphics (firmware issue). Laptop too new.

You never know what interactions may be occurring between the BIOS (UEFI) and Windows. I do not trust that it will not install a backdoor in the EFI.

#Linux #SiliconTurtles #Security

@lispi314 @sally @Suiseiseki

A modern machine is a virtual machine implemented with a microcode interpreter that you do not have access to except via the instruction set API.

#SiliconTurtles

@mjg59

You both may be correct.

I would worry about backdoors that recreate firmware variables based upon IP traffic.

#SiliconTurtles

@dansup

Fishy. I see the alleged timestamps after zooming in.

By my calculations, it requires over 1024 bits to create a verifiable signed timestamp.

And that assumes there is a public key visible.

Oh, wait. I meant bytes, not bits.

Oh, wait. That means I must trust the public key.

#SiliconTurtles

@cdarwin

If you flash a new firmware, and the problem persists, then you know there is a likely backdoor buried in the chipset.

#SiliconTurtles

@lcamtuf @wdormann

Sounds like a plan.

Pull the mains.

#SiliconTurtles

@JSkier

I would suspect ACPI.

The ACPI is buried in the firmware, so until the problem is fully understood, you are likely stuck until the kernel can work around it, which will not happen until the problem with S3 is understood.

#SiliconTurtles

@infosec_jcp @nixCraft

This is what I call it:

#SiliconTurtles

@sophieschmieg

Is the problem really due to RSA?

#SiliconTurtles