Would running TrueCrypt full disk encryption protect you from your own hardware? If the BIOS can't read the disk on boot, I don't think it would inject the binary into the file system.
> The authenticated device owner should have the ability to disable or remove this functionality if desired.
The feature shouldn't exist in the first place. If a backdoor is hidden, this is an unlocked door with a "Please don't enter" sign on it.
> November 29, 2011 First publication
> July 8, 2015 Revision to include security guidance and requirements