Yes it is.

Supermicro is one of the only vendors that tries to prevent this attack at all through RoT.

Other vendors you can flash whatever unsigned firmware you want. It’s very useful for adding in microcode for intel engineering samples, or malware…

This is not true. Almost all firmware is signed by every vendor, and there are standards from Intel and amd on implementation of code signing.

Look up Intel pfr.

Signed ≠ enforced.

At least for 4677 Intel stuff, gigabyte & HP and others let you modify the firmware and flash it.

HPE at least makes you flip a DIP switch, otherwise it complains loudly and halts.