I was helping a friend replacing the battery and thermal paste on his System 76 laptop. Never own one before but I notice it runs a special BIOS version, Coreboot. It turns out there are Coreboot and Lireboot. .These help to boot really fast though.
Anyway, I notice there are no password BIOS lock like on Lenovo. How would this protect against someone plug a USB in and just wipe my drive? On Lenovo you can set a supervisor / boot passwords, and you can remove USB drives from the boot list.
Check out something like Heads.
Anyway, wiping your drive is the least of your worries when it comes to software attacks. You should be keeping regular backups of your data anyway. You want to prevent malicious actors from accessing your data, which, if they have physical access to your hardware, increases the risk a great deal. Heads will help prevent against evil maid attacks, although the bad actor can still reflash the BIOS chip physically. Full disk encryption (assuming your computer is off at the time that your computer gets stolen/hijacked) is the goto method of securing the data on your SSD.