Re: 'None of the actors can be taken at face value
"The hardware security solution to this is on-board flash and memory on the server management processor, preferably on the same die, made with security hardening techniques."
Thus forcing them to replace that chip, find a way to bypass it, or to corrupt it in some way.
Interfering with the manufacturing process, with sufficient technical skill, seems to be almost unstoppable. Any 'solution' can be obviated, bypassed, or removed.