That presentation looked boring at the beginning.
BIOS Write Enable, yawn. A race condition, cute. And Intel even provides a bit to protect against that (why isn't that the default?!?).
But it got better when they started looking at UEFI boot scripts. They're written at boot time and give instructions on what to do after a suspend/wakeup cycle to initialize the hardware again. So far, so good.
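The "bit to protect against that" is the SMM_BWP flag next to BIOSWE and BLE in the PCH's BIOS_CNTL register. As an added example (not from the presentation or the post), here is a small checker that decodes that byte and says whether the BLE race is closed; the sysfs path, the 0xDC offset and the bit layout are assumptions from the public PCH datasheets of that era and may differ on other chipsets.

```python
import os

# Intel PCH LPC bridge (bus 0, device 0x1f, function 0) exposes BIOS_CNTL.
# Offset 0xDC and the bit positions are assumptions taken from public PCH
# datasheets for the chipset generations of that time; verify for yours.
LPC_CONFIG_PATH = "/sys/bus/pci/devices/0000:00:1f.0/config"  # Linux sysfs
BIOS_CNTL_OFFSET = 0xDC

BIOSWE = 1 << 0   # BIOS Write Enable: flash writes are allowed when set
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE triggers an SMI
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes only while all cores are in SMM


def decode_bios_cntl(value: int) -> dict:
    """Interpret one BIOS_CNTL byte and judge the write-protection state."""
    bioswe = bool(value & BIOSWE)
    ble = bool(value & BLE)
    smm_bwp = bool(value & SMM_BWP)
    # BLE alone is racy: a second core can set BIOSWE and write flash before
    # the SMI handler clears the bit again. SMM_BWP removes that window.
    if smm_bwp:
        verdict = "protected: SMM_BWP closes the BLE race"
    elif ble:
        verdict = "weak: BLE only, race window remains"
    else:
        verdict = "unprotected: flash writable from the OS"
    return {"BIOSWE": bioswe, "BLE": ble, "SMM_BWP": smm_bwp, "verdict": verdict}


def read_bios_cntl(path: str = LPC_CONFIG_PATH) -> int:
    """Read the live register byte (root needed); raises OSError otherwise."""
    with open(path, "rb") as f:
        f.seek(BIOS_CNTL_OFFSET)
        return f.read(1)[0]


if __name__ == "__main__":
    try:
        raw = read_bios_cntl()
    except OSError as err:
        print("could not read PCI config space:", err)
        raw = 0x02  # constructed sample: BLE set, SMM_BWP clear
    print(hex(raw), decode_bios_cntl(raw))
```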
Where are those instructions? Turns out, in regular RAM. Every OS can overwrite them at will (because they're written at boot time, not at suspend-time), and the only reason they don't is that UEFI says "please leave this alone".
Which, of course, the presenters didn't. And even a workaround, where that stuff is kept in SMRAM (outside the immediate control of the OS), didn't quite work because that secret data pointed back into regular memory.
And finally they figured out that non-volatile UEFI variables, which are stored in flash, are actually writable without sanity checks that way. Which allowed them to mess up even earlier code, getting around another protection mechanism.
And the final segue to the realization that once you control SMM, you own the flash (no matter what UEFI tries to do) raised a comment that Intel plans a hardware feature to lock that down. With a link to the patent for that feature.
Recap: Intel messed up. In hardware. In software. Several times. Their workarounds and protection measures don't quite protect the system unless you're extra careful. And that's just this presentation.
There were similar incidents pretty much every year since 2009 (at least). One of them, found by Invisible Things Lab, was about Intel TXT, which is supposed to increase the platform's security - but because of a bug in their "Authenticated Code Module" used in that feature, actually lowered it by allowing trivial control over SMM to whoever looks at the box the right way.
And there is nothing someone outside Intel can do about it, because that code module is "authenticated" (read: signed), and so the broken code can't be fixed. It took them a while to release patched images, and I'm not sure if they even covered all platforms.
Now I looked at the patent's abstract. To quote: "writes are only allowed to the platform firmware storage location by an Authenticated Code Module".
If anyone has the legal capability to get Intel to cease & desist from ever writing or designing code again, please do so. It's a matter of IT security.