UEFI is broken, by a leak from MicroPoodle, sorry Microsoft, sorry that’s a heart bleed. Anyway by examining a machine BIOS and knowing the size of the machine BIOS storage device (usually some form of EEPROM) device we can check the SHA512 sum and we can check content. With no other permanent storage devices or open communication devices (which if exist on board then employment of a Faraday cage can close this communication vector) then we can establish by exhaustion of both the individual BIOS’es contents and the configuration space of all existing BIOS’es and BIOS updates; this space will probably never be able to be completed so only true positive can be established.