This is what I found most interesting:
https://en.wikipedia.org/wiki/Vault_7#UEFI
UEFI
"Copy-and-paste code was included in the leaks which allow for the
exploitation of UEFI-based boot systems by altering the operating system's
kernel which is loaded into memory before exiting the UEFI boot sequence. The
copy-and-paste code allows for an attacker to insert a custom hook which can
be used to arbitrarily alter the operating system's kernel in memory
immediately before execution control is handed to the kernel."
As I understand it, this makes even an OS with a fully free kernel, such as
Trisquel (which uses Linux-libre), vulnerable as long as it is running on a
standard boot system. As of now Libreboot is the only way out.