This really needs to be fixed at the BIOS level
According to my understanding and based on what Jonas wrote above and also [1], doing the freeze post-BIOS would be useless security-wise; it’s not even a workaround, as any malicious software then just inserts itself into the MBR. This really needs to be fixed at the BIOS level to be effective at all.
[1] http://www.coreboot.org/pipermail/coreboot/2005-May/011688.html