If not impossible, at least very strange that he has not done more research to verify this (would be easy to do with an oscilloscope attached to the speaker output).
Using any random quad-SPI programmer and soldering it to the chip that contains your BIOS. If dragosr is suspecting a BIOS malware, I can't understand that he hasn't done that yet. From what I've read on his Twitter and Facebook accounts, he would have spent 3 years investigating this malware and is just now thinking of dumping the ROM of his "infected" USB devices.
That sounds fairly unlikely (the BIOS does execute some code from PCI devices, but he says this happens on a machine without any weird PCI device, and PCI ROMs can be dumped too). We would not have to discuss whether this is the case if BIOS dumps turned out to be different. The issue is that 3 years after discovering the malware, he hasn't even tried to dump his BIOS.
Compression and encryption at this stage would be obfuscation more than anything else, and it's the job of malware researchers to break this kind of obfuscation layer. But again, we have no proof of this even being present.
The BIOS is not a black box that can't be analyzed.
Presumably that's atypical behavior for a BIOS, so an analysis of the dumped firmware should turn up where it's getting the location of and method to decode the data. That would give you enough to keep digging.
With many (most?) desktop motherboards, the flash chip is desolderable and can usually be taken out and read on a dedicated flash reader if you have the equipment. There would be no way for the rootkit to bypass that.
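The dump-and-compare check discussed in this thread, as an added example that is not part of any comment here: it compares an externally read flash image against a known-good reference and reports which byte ranges differ. All function names are hypothetical and the two images are constructed in the code; real use would load the programmer's output and the vendor image from files.

```python
import hashlib

ERASED = 0xFF  # erased NOR flash cells read back as 0xFF

def stable_read(reads):
    """Require identical repeated reads; a poor clip or solder contact gives varying data."""
    if len({hashlib.sha256(r).digest() for r in reads}) != 1:
        raise ValueError("repeated reads disagree; fix the programmer connection first")
    return reads[0]

def diff_regions(reference, dump, gap=16):
    """Return (start, end) ranges, end exclusive, where the images differ.
    Differences separated by at most `gap` equal bytes are merged into one range."""
    if len(reference) != len(dump):
        raise ValueError("image sizes differ; compare raw full-chip images only")
    regions = []
    for off in range(len(dump)):
        if reference[off] == dump[off]:
            continue
        if regions and off - regions[-1][1] <= gap:
            regions[-1][1] = off + 1
        else:
            regions.append([off, off + 1])
    return [(s, e) for s, e in regions]

def classify(reference, region):
    """Separate data written into formerly empty flash (settings storage on a used
    board looks like this) from changes to bytes the reference already contained."""
    s, e = region
    empty = all(b == ERASED for b in reference[s:e])
    return "written-to-erased" if empty else "modified-existing"

def report(reference, dump):
    return [(hex(s), hex(e), classify(reference, (s, e)))
            for s, e in diff_regions(reference, dump)]

def build_sample():
    """Constructed 32 KiB images: a code-like half and an erased half."""
    ref = bytearray(b"\x90" * 0x4000 + b"\xff" * 0x4000)
    dump = bytearray(ref)
    dump[0x1000:0x1008] = b"CHANGED!"  # change inside existing content
    dump[0x1010:0x1014] = b"MORE"      # close enough to merge with the range above
    dump[0x5000:0x5004] = b"NVAR"      # data in a previously erased area
    return bytes(ref), bytes(dump)

if __name__ == "__main__":
    ref, dump = build_sample()
    dump = stable_read([dump, dump])   # two reads of the same chip
    for row in report(ref, dump):
        print(row)
```

Ranges reported as "modified-existing" are the ones that need disassembly and explanation; an empty report means the dump matches the reference byte for byte.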
Yet, even these programmers are not directly wired to the transistors holding the individual bits and bytes. I would not be surprised if there's a way to manipulate the internal logic of an EEPROM chip, too.
Seems like trolling or some form of paranoia.