From what I’ve seen of PC building in Youtube, the UEFI BIOS of discrete mobos are quite nice looking and offers a lot of customization 
But mine, though UEFI looks like the 90s blue screen BIOS and has very limited customization, happy Lenovo is at least pushing out updates for it 
Thanks everyone for your inputs, learned one could update the BIOS in quite a few different ways than I knew was possible! 
What I ended up doing and worked for me was:
- Downloaded Hiren’s BootCD PE ISO and copied it and the firmware updater exe file to the Ventoy vfat partition on an external SSD drive.
- Disabled Secure Boot and booted up into the Hiren ISO which is based on Windows 11 PE but with additional drivers and tools. Also, I found it wasn’t possible to create a Windows PE ISO without a working Windows installation.
- Copied the firmware updater exe file to “Documents” and installed it.
- Loud fan noises, several restarts, and some flashing progress/verification screens later I was able to see the updated BIOS.
- Updated BIOS settings as those were reset to default after the upgrade and enabled Secure Boot
First time I did this on my secondary machine (same model as primary but with lower specs) I wasn’t quick enough to cancel the countdown that wiped the boot menu entries. Had to boot without Secure Boot, update bootloader settings from Yast and reboot back with Secure Boot enabled.
Anyway, for all these efforts I was rewarded with an HSI 1 pass result from Gnome device security for the very first time since I purchased this device a few years ago. 
