And put the EPROM in a socket, like it's 1987?
Some motherboards just have a physical jumper that prevents BIOS flashing. This happens infrequently enough as to warrant it for one server, or 10 servers, or maybe 100 servers. Likely unpractical for 1000 servers though.
Baseboard management is switching to easily swapped modules for exactly this reason: https://antmicro.com/platforms/dc-scm-open-source-bmc-platfo...
https://www.servethehome.com/the-ocp-dc-scm-hff-is-taking-ov...
If they can put the jumper on the exterior it might be feasible, if its inside its out of the question if you have to unrack the chassis to change. Rolling in a server lift for an 8u thats half full of copper is not a nice process
The next idea, a second oob management for the first oob managemen. A BMC for the BMC. It only does updates and maybe credential management.
Make this one simple enough and add an EPROM for it. Effectively a security chip for the oob. Extra points for secure enclave-like verified boot.
OpenCompute (OCP) Caliptra is an effort by hyperscalers, AMD and others to enforce a platform root of trust with OSS firmware and open silicon, mandating dual signature by server OEM and hyperscaler customer. The platform RoT is responsible for validating device firmware and OS boot, https://www.youtube.com/watch?v=p9PlCm4tLb8&t=2764s
> Often we see.. great security.. compromised by other great ideas for mgmt and other things.. starts to weaken its security posture.. want to keep Caliptra very clean [via OSS firmware transparency]
The security chip for the BMC is called root of trust.
I installed my own physical jumpers on my paytv receivers in the late 90s/early 2000s…