Even with Coreboot on anything vaguely modern, there is a 'Management Engine' or 'Platform Security Processor' you can't practically control.
On the better understood Intel versions, this is running a full MINIX 3 operating system and controls the network card in ways the BIOS and operating system root cannot monitor. It runs a significant amount of code; with hardware obfuscation that has not yet been broken.