Supermicro has the BOM, Schematics, Layout files, they , pre the article are not in on the hack and would be motivated to clear their name.
If there is a chip inserted in between layers, you won't need a BOM to find that, no one does that on mass-produced serverboards, it's far too expensive.
Now, if there is a part that is nominally on the board, is part of the schematic and BOM , but has been replaced with a modified part, you wont find that on the paper work or even layout, you'll have to find a board with the part on it. I could see a reel of parts with the same footprint being substituted during a production run, but that means hundreds or thousands of boards are in the field.
Surely some Engineer or Tech has one of these in a box that had failed for an unrelated reason, or were part of an engineering test or even a spare. There are only so many parts that are potential candidates for substituion, ie ganged pullups on the I2C lines , a single 2 pin package wont be able to affect or read data, buffers or possibly a filter on the RMII lines from the BMC MAC to the management network PHY , filters or baluns on the PHY to RJ45 network jack, the jack itself. the BMC boot EEPROM all come to mind.
That's the problem with a hardware hack, it's going to leave a physical evidence trail. So far nothing has been produced.
IMO this story is unraveling.