In electronics form, it's the WRITE ENABLE switch, which I first saw on a DEC exchangeable-platter disk drive storing all of 20Mb on 15-inch FeO2-coated platters.
It doesn't have to be a switch, just something that can be done by the owner, given physical access to the hardware, and never by a piece of malicious software (at least, not until the hardware is a robot, in which case we'll have to re-discover what for a human is the small of his back).
Anyway, for a PC motherboard, there should be a SECURE BOOT DISABLE jumper, just as there is a password disable jumper for the better modern BIOSes. For other smart devices, something similar, requiring a simple but nontrivial amount of fiddling with the device.
For manufacturers worried about warranty returns, it might even be a one-way trip - protect the switch or jumper with one of those "warranty void if removed" security labels. Two levels of the same idea.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds