Picking a flash device with a boot block that cannot be rewritten just via any possible software routine alone and only by being combined with hardware intervention will work.
The parts that require a higher programming voltage that Richard mentions is one good possible way.
This would also recover a damaged BIOS attacked by even phishers.
If the flash update was somehow corrupted via power interruption, infected BIOS update with a good checksum, etc. the boot section would still have an good booter.
-Bari
Richard Smith wrote:
I think that having a 'you can never write this' bios image would be useful. The power fail scenario is a concern.
Many flash parts support a hardware lock where you can set a split. Areas that have been hardware locked can only be reprogrammed via the right programming voltage which is normally much higher than Vcc.
-- Richard A. Smith