I don't know if this is really answering the question you wanted. However I have used information on this page: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
I had a self encrypting SSD. I used the hdparm command to set a user password, a master password, and to set the master password capability to "maximum" so that a master password can not unlock or disable, just erase. (My BIOS did not let me set a master password or the master mode. This is indeed insecure as the manufacture (Dell) has the master password and probably any service rep can get it.)
A good BIOS/UEFI should unlock the driver and freeze it so that the password can not be disabled by the OS. If firmware leaves the drive unfrozen I could see how the password could be disabled.
However all this assumes you trust the drives firmware not to have a backdoor or security hole. The article you quote seems to imply this is common. I do question how "easy" the bios level is to defeat as the article states that the drive must already be unlocked. The article did not say if the drive security was frozen or not.
If you don't trust the drives firmware then I don't see how any of the ATA password functionality can help you. To still benefit from the drive HW you would need access to the AES engine itself and be able to program the AES key yourself.
was:
Sorry I should have read all your references before I answered. The standards in question are TCG Opal 2.0 and IEEE-1667. It appears that 1667 moves to a challange response protocol over ATA's clear text password exchange. However it appears to me that the passwords are still stored in the drive and you would still need to trust the drive firmware.