Why not use a password? (Score 1)

Large environments require BIOS updates more than the average user, and may require some type of update across hundreds of servers (or more) if a bulk-purchase was made. These need to have the ability to be scripted. A solution sacrificing both convenience and security would be to require a BIOS password to be set on first boot. This could be scripted so that when a server comes into a corporation, it gets a BIOS password, and then this password is required to write any BIOS (or even firmware-level update) to the system. Then the issues are losing the password - which could then employ a jumper to reset - and the encryption level of the BIOS password, which would be interesting after few years.