Securing BareMetal at Shmoocon 201810 Feb 2018
Defending against firmware implants requires a different approach than what hardware vendors have traditionally provided. Firmware signatures and secure boot implementations are designed to prevent exploits, but don’t enable detection or recovery of firmware when they inevitably fail.
Fortunately, nearly every device has an existing mechanism to force it into a state which can be used to restore the writable firmware components.
Shmoocon presentation of Securing BareMetal Hardware At Scale