Mass Manufacturing and the Economics of the Computer Security Problem
My first version of this post contained my proposal as to how we would have to design PCs (desktop, laptop, embedded, etc.) to be BIOS-secure, but realized the flaw in my proposal.
The flaw is, no matter how things are physically-designed and implemented, because there are so many computers, the value (economic and/or ideological) of the plum of Manufacturer X's BIOS code, or of their private signing keys, is so great that government intelligence agencies, organized crime, and terrorist groups will invest metric ass-loads of time and money obtaining them.
Whether those codes are kept in a safe with five combination locks, in the CEO's brain, or in the brains of their five top engineers, or where-ever, the amount of resources brought to bear to obtain them means eventually, they will be obtained by third parties.