On some systems it can immediately unlock and re-write the motherboard boot flash; on others it needs to hook the S3 resume script and wait for a sleep event. This builds upon the information we learned in the original Thunderstrike research, namely how to append PE files to the Firmware Volumes and how Apple verifies their integrity using CRC32.
The option ROM can't directly write to the flash, so instead it hooks the S3 resume script using the Darth Venamis vulnerability. This code will be executed when the system comes out of sleep mode. Additionally, if you look closely behind the title bar in this image you can see the FileVault password that was keylogged.
Later the system goes to sleep, the CPU enters a low-power state, and all of the flash lock bits are reset into their unlocked state. We can identify when the system has entered the S3 suspend-to-RAM sleep by waiting for the fans to shut down. When the system resumes there is a window of time in which to write Thunderstrike 2 into the motherboard boot flash.
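The CRC32 check mentioned above is an integrity checksum, not an authenticity check: anyone able to rewrite a volume can also recompute its CRC, so a defender who wants to detect a modified firmware image has to compare a dump against a trusted cryptographic digest (or a vendor signature) rather than trust the embedded checksum. The following added example, which is not code from the original page or from the Thunderstrike research, shows that difference on a constructed toy volume layout (length prefix, body, trailing CRC32; this is not Apple's real Firmware Volume format). Names such as `build_volume`, `crc32_check` and `verify_against_reference` are this example's own.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed toy "firmware volume" layout for illustration only (not the real
# EFI Firmware Volume format):
#   4-byte little-endian body length | body bytes | 4-byte CRC32 of the body


def build_volume(body: bytes) -> bytes:
    """Build a toy volume whose trailing CRC32 matches its body."""
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return struct.pack("<I", len(body)) + body + struct.pack("<I", crc)


def crc32_check(volume: bytes) -> bool:
    """Checksum-style integrity check: recompute CRC32 over the body and compare
    it with the stored value. This only catches accidental corruption."""
    if len(volume) < 8:
        return False
    (length,) = struct.unpack("<I", volume[:4])
    if len(volume) != 8 + length:
        return False
    body = volume[4:4 + length]
    (stored,) = struct.unpack("<I", volume[4 + length:8 + length])
    return (zlib.crc32(body) & 0xFFFFFFFF) == stored


def sha256_hex(volume: bytes) -> str:
    """Cryptographic digest of the whole volume as dumped from flash."""
    return hashlib.sha256(volume).hexdigest()


def verify_against_reference(volume: bytes, reference_digest: str) -> bool:
    """Detection: compare the dump against a digest recorded from a known-good
    image (e.g. taken from the vendor's update or a freshly provisioned machine).
    The reference must be stored off the device it protects."""
    return hmac.compare_digest(sha256_hex(volume), reference_digest)


# Constructed known-good sample and the reference digest a defender would keep.
GOOD_BODY = b"DXE driver image (constructed sample body)"
GOOD_VOLUME = build_volume(GOOD_BODY)
REFERENCE_DIGEST = sha256_hex(GOOD_VOLUME)


def audit(volume: bytes) -> dict:
    """Report both checks side by side for a dumped volume."""
    return {
        "crc32_ok": crc32_check(volume),
        "matches_reference": verify_against_reference(volume, REFERENCE_DIGEST),
    }


if __name__ == "__main__":
    # A volume that was rebuilt with extra content and a matching CRC passes the
    # checksum but not the reference comparison; random corruption fails both.
    rebuilt = build_volume(GOOD_BODY + b"\x00appended module (constructed)")
    corrupted = bytearray(GOOD_VOLUME)
    corrupted[6] ^= 0x01
    print("known-good:", audit(GOOD_VOLUME))
    print("rebuilt:   ", audit(rebuilt))
    print("corrupted: ", audit(bytes(corrupted)))
```

The useful property is visible in the `rebuilt` case: the CRC32 check says nothing is wrong, while the SHA-256 comparison against an externally stored reference flags the change. In practice the reference comes from the vendor image or a signature check, not from the device itself.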
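The defensive counterpart to the S3 window described above is to confirm that the flash write-protection bits are re-asserted after every resume, not only at cold boot. The following added example (not code from the original page or the Thunderstrike project) decodes the Intel PCH `BIOS_CNTL` register fields that firmware-assessment tools such as CHIPSEC evaluate (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) and compares a value captured before sleep with one read after resume. Reading the register from hardware is outside this example; it assumes the raw values are supplied by such a tool, and the function names `decode_bios_cntl`, `flash_write_protected` and `resume_regressions` are this example's own.

```python
# BIOS_CNTL bit positions as documented in the Intel PCH datasheets.
# The raw register value must come from a tool that can read PCI configuration
# space (e.g. CHIPSEC); this example only interprets the value it is given.
BIOSWE = 1 << 0    # BIOS Write Enable: 1 means the flash accepts writes
BLE = 1 << 1       # BIOS Lock Enable: 1 locks BIOSWE behind an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes only while in SMM

# The state each field should be in for the flash to count as protected.
PROTECTIVE_STATE = {"BIOSWE": False, "BLE": True, "SMM_BWP": True}


def decode_bios_cntl(value: int) -> dict:
    """Split a raw BIOS_CNTL value into the three fields that matter here."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def flash_write_protected(value: int) -> bool:
    """Conservative rule: the flash is protected only when writes are disabled,
    the lock is set, and SMM_BWP is enabled. A missing SMM_BWP is treated as
    unprotected even if the other two fields look right."""
    fields = decode_bios_cntl(value)
    return all(fields[name] == want for name, want in PROTECTIVE_STATE.items())


def resume_regressions(before: int, after: int) -> list:
    """Compare the state captured before S3 with the state read after resume.
    Returns the names of protections that were in place before sleep but are
    not in place afterwards, which is exactly the window the text describes."""
    b, a = decode_bios_cntl(before), decode_bios_cntl(after)
    return [
        name for name, want in PROTECTIVE_STATE.items()
        if b[name] == want and a[name] != want
    ]


if __name__ == "__main__":
    # Constructed sample values: locked before sleep, everything cleared after.
    before_sleep = 0x22   # BLE and SMM_BWP set, BIOSWE clear
    after_resume = 0x00   # all lock bits back in their reset state
    print("protected before sleep:", flash_write_protected(before_sleep))
    print("protected after resume:", flash_write_protected(after_resume))
    print("lost on resume:", resume_regressions(before_sleep, after_resume))
```

A resume that returns a non-empty regression list means the platform firmware's S3 path is not re-applying the locks, which is the condition the attack relies on; on real hardware the SPI protected-range registers should be compared the same way, since they are a second, independent lock that this example does not model.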
Once installed in the boot flash, it is very difficult to remove, since it controls the system from the very first instruction executed upon booting, including the keys for updating the firmware. Reinstalling OS X won't remove it, and replacing the hard drive won't remove it. Even swapping to a new laptop carries the possibility of re-infection from Thunderbolt devices that might have been shared.
Again, this PoC isn't very stealthy, so when the system reboots we'll see the Thunderstrike logo. A weaponized version could use virtualization or SMM to hide from attempts to detect it.
Thunderstrike 2 also watches for new Thunderbolt devices to be attached, and can write itself to a clean adapter when it detects the PCIe hot plug event. This hardware transmission vector allows it to potentially cross airgap security measures.
Thunderstrike 2's proof of concept demonstrates the entire cycle of a software exploit that can write to the motherboard boot flash, which can then infect Thunderbolt option ROMs, which can hook the S3 resume script or SMM and repeat the installation into motherboard boot flash chips on new machines.