Are you confusing a bootkit (ie. malware that's in the boot loader) with malware that's in the firmware itself? If it's just in the boot loader, that's still stored on the hdd/ssd itself, and therefore can be wiped.
I said "can be made to persist" and I meant, yes, that the malware could be compromising the firmware. And by "can" I implied that not all of it does, but the possibility of it doing it does exist.
Secure boot is indeed designed to protect against bootkits too.
Are you confusing a bootkit (ie. malware that's in the boot loader) with malware that's in the firmware itself? If it's just in the boot loader, that's still stored on the hdd/ssd itself, and therefore can be wiped.