This captures current and future plans for classes involving security in the deep-dark of firmware! But Binarly is starting to give visibility into what's going on there with their binary analysis platform.

You could use the OST1 Rootkits class (opensecuritytraining.info/Rootkits.html) as a starting template, since that's the whole point of making the materials under CC licenses. Xeno Kovah isn't planning on updating it as he's off in Bluetooth world now.

As always, the recommendation is for students to take the class as it's meant to be seen at ost2.fyi/Fuzz1001 where you get lab instructions, etc.

PDFs are vector-based for full quality when zooming, and have click-to-go-to-class links

Designed for developers, security engineers, and researchers, the course covers both foundational TPM 2.0 concepts and practical hands-on development techniques for interacting with TPM hardware and simulators. This class has a median completion time of 13 hours.

New in v2.0+ is the BTIDALPOOL crowdsourcing server for researchers to push & pull data about devices they've discovered.