Is it even possible to mitigate such an issue? Will resetting the bios by removing the cmos battery not also disable password protection in the bios thus making it possible to disable secure boot?
And at that point could they not just use a hardware keylogger or something?