Getting root isn't that easy. Or at least you don't have to let it be. Apparmor vulnerable services/ programs and keep your system patched.
They could get onto your machine, get root, and then see which BIOS you use, and then develop and incredibly complex and risky payload over days/weeks depending on if they already have the hardware, and then if you somehow haven't realized you've been infected for weeks they could try the payload on you.
Of course, they already have root, so they have very little reason to do so.
Bad guys are not focusing on the BIOS. There have been less than a handful of widespread BIOS infections ever.
I would suggest you either forget about the BIOS as you have way bigger things to worry about OR you purchase a dual-BIOS motherboard on the insanely tiny chance that an attacker somehow infects your BIOS.