To be fair, some of the bare metal providers reflash firmware when the machine is reprovisioned. In theory firmware "implants" could survive reflashing but I don't know if such a thing has ever been seen in the wild.
This needs to be taken into account when running on metal instances with different cloud providers. You would also want an assurance that metal instances aren't ever repurposed to be VM hosts in the future.
