Me being able to modify the firmware of my laptop is somewhat important. Other people being unable to modify the firmware of my laptop is very important.
If there's no way to get one without sacrificing the other, the better option for my privacy, security, and freedom is to take a static but non-free BIOS.
Signed firmware isn't static. They don't fuse a hash into the CPU, but a key (to a key to a key, see http://www.apress.com/9781430265719) to verify signatures.
So the result is that you can't update your computer's firmware, but somebody else (although probably not the average criminal).
The standard solution is to lock down the write access to the flash chip. While current era firmware requires writable flash for memory init (or you lose suspend to RAM capabilities), it can be locked down directly afterwards and before code from somewhere else is executed.
That works nicely without Boot Guard, but not so good with UEFI (which stores its persistent variables in the same flash memory part).
