This guide presents some security features and configuration options applying to hardware devices. These features are defined in the form of requirements and can apply to a provider of these hardware configurations. The intended goal is to enforce security of new hardware acquired by an IT department. Each requirement is followed by a security objective specifying the goal.[…]
Provided tools can be used to build two bootable USB keys:
* the first around the chipsec tool edited by Intel, integrated in a Debian live distribution, which can be used to check the platform configuration registers.
* the second one is built around the keytool.efi binary which can be use to inspect and modify the SecureBoot key list. The key can be used to check that the platform will accept new, custom SecureBoot keys
https://www.ssi.gouv.fr/en/guide/hardware-security-requirements-for-x86-platforms/
Firmware Security 