Newer technology allows BIOS to be changed remotely.
Think of a small computer built in to the motherboard that monitors the machine state. The computer involved in the BIOS edit doesn't even have to be on, just plugged in. This is important, say, in a business environment when a machine in a remote location crashes. You don't need a person on site.
I think, too, but not sure, that a password to access the remote access software is different than the BIOS password. A BIOS password is to stop a person physically at the machine to be able to change the BIOS settings.
A person managing the machine remotely has the access software password to gain access, then may or may not need a BIOS password. Could be, too, that there is the possibility of there more than one BIOS password, one on site, one remote, but again not sure.
I have a couple of small servers with this capability. Remote access has its own network card/cable on mine. Not sure what the voting stuff has, maybe wireless or LTE. Very possible routers would show access to the remote software IP, which is different than the mac/IP address of the onboard machine card. Big tell, IMO.
TL:DR; Very possible BIOS password smoke and mirrors is kabuki. Real issue, that can't be divulged, is all the machines could be accessed, from bare metal on up, with remote technologies hard-wired on the motherboard. What Peters had or didn't have and is don't mean shit ijust muddying the waters by the SOS. Techs from far away are on those machines using programs/technologies not mentioned yet. HP iLO and Intel vPro, are examples.