So if you'd like to get a more technical and quantitative view of what> the BIOS/SMM security landscape looks like, you should check out our classes and watch for talks by Corey Kallenberg, John Butterworth, and myself over the next 6 months where we'll be describing 2 new BIOS memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking tricks, and trustworthy computing extensions to Copernicus that will counter many classes of attacks against BIOS dumping software that would let an attacker hide his BIOS presence.
Sounds interesting. Intel has a 3-day UEFI training course for employes/partners. They put their courseware and labs online, and recent builds work with Linux and not just Windows/VisualStudio. Targets IHV audience, not security-centric. http://sourceforge.net/projects/edk2/files/Training/TrainingMaterial/ The above-mentioned Butterworth recently spoke at Perdue on BIOS security: http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details... If you're in the Seatle area I'll be doing another half-day dev intro to UEFI at the local univerisity capture-the-flag team in March, and I think non-students are welcome to attend.