Why can't I print "Hello World" on the screen of the physical machine?

Question

I wrote an MBR program:

section MBR vstart=0x7C00
    mov sp, $$

    ; initialize register
    mov ax, 0
    mov ds, ax
    mov es, ax
    mov ss, ax
    mov fs, ax
    ; Set the address of the video memory to the es segment register.
    mov ax, 0xB800
    mov es, ax

    ; Scroll up the screen to achieve the effect of clearing the screen
    ; Set BIOS sub-function number
    mov ax, 0x600
    ; Set the properties of the rollup line
    mov bx, 0x700
    ; Set the rectangular display area of the text, in VGA text mode, a line can only hold 80 characters, a total of 25 lines
    ; Set the upper left corner coordinates (0, 0)
    mov cx, 0x0000
    ; Set the coordinates of the lower right corner (24, 27)
    mov dx, 0x184F
    ; BIOS interrupt call.
    int 0x10

    ; Get the cursor position.
    mov ah, 3
    mov bh, 0
    int 0x10

    ; Send ASCII characters to video memory.
    ; Set the source address of the string.
    mov si, MESSAGE
    ; Sets the destination address of the string.
    mov di, 0x0
    ; Set the text properties, the background color is green, and the text flashes.
    mov ah, 0xA4
    mov cx, STRLEN
    cycle:
        mov al, [si]
        mov [es: di], ax
        add si, 1
        add di, 2
        sub cx, 1
        cmp cx, 0
        ja cycle

    jmp $

MESSAGE db "Hello world"
STRLEN equ $ - MESSAGE
times 510-($-$$) db 0
db 0x55, 0xAA

It works fine in qemu:

After that, I wrote the MBR to my USB stick using:

dd if=mbr.bin of=/dev/sdc

and in the BIOS, I turned on Compatibility Support Module (CSM) support.

The result of its operation on the physical machine is as follows:

Obviously, there is no problem with the property setting of the string, the background is green and the text is blinking, but the wrong text is displayed.

why is that? How can i fix it?

Here is some qemu and physical machine info:

$ qemu-system-x86_64 -hda mbr.bin
$ qemu-system-x86_64 -version
QEMU emulator version 7.1.0
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers
$ lspci | grep -i vga
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 620 (rev 02)
$ lspci | grep -i nvidia
01:00.0 3D controller: NVIDIA Corporation GM108M [GeForce 940MX] (rev a2)
$ lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         39 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  4
  On-line CPU(s) list:   0-3
Vendor ID:               GenuineIntel
  Model name:            Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz

=================================================================

In my chat in the comments, I learned that the MBR may be overwriting some memory by the BIOS. I tested this hypothesis using Michael Petch's code and the results are as follows:

Except for the first 3 bytes, the other bytes that are not "AA" are the memory overwritten by the BIOS.