The 2-day agenda:
Introduction to BIOS concepts
General system configuration responsibilities
Security-specific configuration responsibilities
Hardware architecture
ICH/MCH/PCH
SPI flash chip
Usage of PCI for x86 system internals
Talking to hardware through the PCI configuration space
PCI Option ROMs (and their use in attack)
BIOS access control mechanisms
How they fail
Tools to detect their failure
System Management Mode (SMM)
Why SMM is basically the best place for an attacker to live on an x86 system
Discussion of how the BIOS instantiates SMM from flash chip contents
Discussion of how attackers can break into SMM even without persisting on the flash chip
Introduction to UEFI BIOS
The UEFI phases and security parameters specific to UEFI
UEFI Firmware Filesystem
Reverse engineering UEFI modules
Applying UEFI structure definitions in IDA Pro
How Secure Boot & Measured Boot work
Attacks against Secure Boot
Attacks against Measured Boot
Specific tools useful for performing further firmware security research
RWEverything
ChipSec
http://gsec.hitb.org/sg2015/sessions/tech-training-6-introductory-bios-smm-attack-defense/
Firmware Security 