Years ago a friend came to me with the HP laptop of one of his customers, an Algerian businessman. He had fired one employee and this one, before leaving, had set a new password on every PC in the office, including the server and this specific laptop. A local technician was able to restore all the other PC, but not this.
I called HP support, who confirmed that the password was stored both in the BIOS and in the HDD, and offered to restore it for a fee, but asked for a proof-of-purchase.
If I remember well, they said that they could generate a "master" password by knowing the serial number.
The laptop was bought second-hand, from a guy in France who seemed vanished (maybe it was stolen?), so: no proof of purchase > no password recovery.
The laptop is still sitting in my friend's office..
I think that this level of security is excessive: humans make mistakes and their memory is limited, so...