How to Design a Micro Image for a Secure Boot Process

I know from just watching security news, for example, inside just had their BIOS updating keys leaked in a ransomware attack and they don't have a revocation mechanism. So isn't really a good solution that I know I would be happy to be wrong if anybody else has a good solution. Can you talk more about bootloader design and the concept of a micro image? There is a webinar done by Francois who basically iterated through a bunch of designs from his time at Pebble and then at Oculus.