As with many things, this is a case of "it depends" - How you do it and for what reason, primarily. If you're reverse engineering code that's part of a DRM scheme for example, that's explicitly not allowed.

Coreboot is debatable for this, it's fine in the sense that nobody is going to come after you for it, but legally you're not doing a clean room implementation, you're looking at the original and creating a new functional replacement, which is fundamentally different to the Phoenix BIOS clone, and not in a good way.

But as I said, nobody is going to come after you for it so...