For just a few bucks, you can pick up a USB stick that destroys almost anything usb protect that it’s plugged into. Laptops, PCs, televisions, photo booths – you name it.
Click the Erase tab in the Disk Utility window. In the dropdown menu alongside the Format heading, select Mac OS Extended (Journaled, Encrypted). In the Name field, type whatever you wish to call the memory stick. This name will appear in Finder’s sidebar whenever you insert the stick in future. He could always hand-enter the stuff usb lock by using a hex-editor on both machines. That he coded himself in assembler. On an assembler live CD version of KolibriOS. You get machine level control and safe data movement! Booted off EFI USB stick with signed shell (efi\boot\) successfully. Secure boot is now enabled and in user mode – only signed executables are allow to run.
It seems that Sauna and Railgun_Sniper have good points. Preventing software contaminating the firmware is the main issue. A switch or physical sensor like hall effect, ultrasonic, optical, pin overvolts usb access control condition, any of these could be engineered so that the customer can both block software access and obtain it to upgrade or check the firmware. This function has to be hard wired into the design.