IBV just is a contractor human resource pool.

Nothing can change the fact. HW vendors doesn't want to release the part of CPU bootcode directly. The most end-users wont care about the initialization detail but just want a working hardware product. Unfortunately, the hardware vendor never compromise and buyers won't have too much consideration about that as they are just selling products for the hardware vendor.

So they have to execute their plan B to bear another ecosystem. But it's hard to tell about how much difference between of them.

There is unlawful leaked MS-DOS 6.0 source code too.

So NaCL and PNaCL are not good enough to be comparable with WASM?

NaCL relied on a lot of segment register tricks that are only available to ring 3 AFAIK.

Even most UEFI/BIOS are compiled by MSVC.and MASM. Why to ignore OVMF?

They don't use x86 segmentation and normal gcc should work fine.

This make me to recall a website which claimed NIST P256 ECC Curve is unsafe in some respects.

This petition like a "responsible encryption".

A feasible and easier way is just buy a consumer laptop or shipped with non-AMT ME and make ME boot into the recovery mode.

server ME does not connect to ethernet but BMC do. They may enable something like Secure Boot which requires signing to prevent 3party unauthorized backdoors.