Physical hardware can be secured fairly simply: limit access to the hardware and record serial numbers.
Restrict access
Install servers and related equipment in a locked, restricted access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack. Lock the door after servicing the equipment.
Restrict access to USB consoles, which can provide more powerful access than SSH connections. Devices such as system controllers, power distribution units (PDUs), and network switches can have USB connections.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Record serial numbers
Put a security mark on all significant items of computer hardware, such as FRUs. Use special ultraviolet pens or embossed labels.
Keep a record of the serial numbers of all your hardware.
Keep hardware activation keys and licenses in a secure location that is easily accessible to the system manager in system emergencies. The printed documents might be your only proof of ownership.