In our previous "Defeating Signed BIOS Enforcement" talk, we discussed how some vendors' BIOS protections can be bypassed by an attacker who can get into SMM. In this talk we with discuss a new security issue that also leads to the bypass of access controls on an SPI flash chip. This can lead to the attacker reflashing the BIOS with embedded malicious code, defeating UEFI Secure Boot, or bricking the system. We will also discuss how we have been working with vendors to remediate these attacks, and what you can do to help protect yourself.