by extrapickles 1423 days ago
Ideally the write enable line of the flash chips would be hooked up to their respective application processors, so when you are reading them via this header they will be read-only as the processor would still be powered down. For an adversary that is able to remove soldered chips there isn't much you can do without going completely custom for everything.

Having sockets would increase the costs ($1-20/flash chip) and doesn't raise the sophistication level of the attacker from unskilled labor (literally anyone in the chain of custody) to skilled labor (e.g. someone that can do SMT or BGA rework).


I've recently reflashed BIOS/UEFI chips by soldering plastic-ended jumper wires (easier to work with than regular breadboard wire) directly to the BIOS chips, and plugging the other end into a Raspberry Pi's SPI host pins and running flashrom. It's definitely involved to learn and tricky to pull off (like any form of complex soldering), but much lower in equipment costs than desoldering surface-mount flash chips (which I hear requires hot air to do without damaging the chips or board).
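The Raspberry Pi plus flashrom workflow from the comment above, written out as a read-only firmware acquisition script for integrity checking. This is an added example, not the commenter's own script; it assumes a Pi with SPI enabled (`/dev/spidev0.0`), flashrom's `linux_spi` programmer, and that the reference hash you compare against is supplied by you (the one in the comments is a placeholder).

```shell
#!/bin/sh
# Added example (not from the HN thread). Assumes a Raspberry Pi wired to the
# target's SPI flash, /dev/spidev0.0 enabled, and flashrom installed.
set -e

SPI_DEV="${SPI_DEV:-/dev/spidev0.0}"
SPI_KHZ="${SPI_KHZ:-1000}"   # start slow: long jumper wires corrupt reads at high clocks

# Probe only: with no -r/-w/-E flashrom just identifies the chip and writes nothing.
probe_chip() {
    flashrom -p "linux_spi:dev=$SPI_DEV,spispeed=$SPI_KHZ"
}

# Read the chip contents into the file named by $1 (-r never writes to the chip).
read_flash() {
    flashrom -p "linux_spi:dev=$SPI_DEV,spispeed=$SPI_KHZ" -r "$1"
}

# Two dumps of an idle, powered-down board must be byte-identical. A mismatch
# means the wiring or clock is marginal, not that the firmware changed.
# Returns 0 when the dumps agree, 1 otherwise.
dumps_consistent() {
    cmp -s "$1" "$2"
}

# Compare a dump's SHA-256 against a known-good hash ($2), e.g. one you recorded
# from the same board before it left your custody. Returns 0 on match, 1 otherwise.
matches_reference() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Typical session; only runs when invoked as "sh script.sh dump".
if [ "${1:-}" = "dump" ]; then
    probe_chip
    read_flash dump1.bin
    read_flash dump2.bin
    dumps_consistent dump1.bin dump2.bin || { echo "reads disagree; lower SPI_KHZ and retry" >&2; exit 1; }
    # REFERENCE_SHA256 is a placeholder: replace with your own recorded hash.
    matches_reference dump1.bin "${REFERENCE_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}" \
        && echo "firmware matches reference" || echo "firmware DIFFERS from reference" >&2
fi
```

Reading twice and comparing catches the most common failure with hand-soldered jumper wires (bit errors at too high an SPI clock) before you mistake a bad read for a tampered image.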