UEFI, BIOS, and Secure Boot Security
RCCE students will learn how platform firmware establishes trust during system startup and how attackers abuse weaknesses in UEFI, BIOS, bootloaders, and secure boot implementations. RCCE students will learn to evaluate boot integrity controls, identify persistence opportunities below the operating system, validate secure boot policy enforcement, review firmware settings for enterprise hardening, and investigate attacks that target early boot components. The course covers practical scenarios ranging from platform initialization through trusted startup verification and incident response. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing UEFI, BIOS, and Secure Boot Security
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for course structure — covering Evaluate boot integrity controls in enterprise, 6 modules covering foundations to IR.
- Explain Platform Firmware Foundations fundamentals — covering Firmware executes before any OS security control.
- Execute hands-on tasks for why firmware matters for security — covering Firmware executes before any OS security control.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for tsl + rt phases — covering Boot Device Selection scans boot options.
- Execute hands-on tasks for hands off execution to os loader — covering Transient System Load executes bootloader.
- Execute hands-on tasks for flash descriptor
- Execute hands-on tasks for intel management engine firmware
- Execute hands-on tasks for platform data
- Execute hands-on tasks for power on
| Module 01 | Course Overview |
| Module 02 | What You Will Learn |
| Module 03 | Course Structure |
| Module 04 | Platform Firmware Foundations |
| Module 05 | Why Firmware Matters for Security |
| Module 06 | UEFI Architecture Deep Dive |
| Module 07 | TSL + RT Phases |
| Module 08 | Hands off execution to OS loader |
| Module 09 | Flash Descriptor |
| Module 10 | Intel Management Engine firmware |
| Module 11 | Platform Data |
| Module 12 | Power On |
| Module 13 | Security Checkpoints in Boot Flow |
| Module 14 | Trust Hierarchy |
All hands-on labs run on Rocheston Rose X OS. Students practice uefi, bios, and secure boot security by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain Course Overview fundamentals
- Lab 2: Execute hands-on tasks for what you will learn
- Lab 3: Execute hands-on tasks for course structure
- Lab 4: Explain Platform Firmware Foundations fundamentals
- Lab 5: Execute hands-on tasks for why firmware matters for security
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for UEFI, BIOS, and Secure Boot Security, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI