Coreboot and Seabios don’t support passwords, but PureBoot has a TPM admin password, to block the Pureboot firmware from being overwritten or changed.
By default you can’t boot from a USB device, unless you select that option.
See: https://docs.puri.sm/PureBoot/GettingStarted.html