The real story is that OEM motherboards still have terrible security story, years later. this has as much to do with Dell or HP as it has to do with supermicro. obviously firmware needs to be open source but it also needs to be signed and trust controlled by the entity owning the computer network. only the big cloud players have that, the rest of us are still waiting for it to appear on the roadmap.