> What bad things can do a non-free BIOS/UEFI/EFI firmware to user?
Well, obviously the worst thing in a proprietary bios is that it's proprietary.
If we look at this from a security point of view, this article contains a few examples (basically pretty much anything)
https://en.wikipedia.org/wiki/BIOS#Security
