Hi Andrea,
I developed that BIOS for IGT although their payload was proprietary, i.e. I only gave them the technology to add to it. Their payload is designed to authenticate their OS (also proprietary), on an internal USB drive IIRC, prior to loading and running. And the hash for the system's root key is programmed into an OTP region of the system's SPI flash.
I can't recall anything to suggest the system could be easily repurposed by anyone outside of IGT. The system was specifically designed to be inflexible, in that regard, in order to address problems they'd experienced in older systems. It wouldn't surprise me if the internal drive was removed as part of decommissioning the system.
The payload may potentially contain an unadvertised hotkey to allow a password and which may present an option to configure a different boot path. Of course I have no knowledge of what password IGT would have chosen nor whether it would've been updated since its initial deployment. Assuming they built in that capability, the password wouldn't be discernable since only its signed hash would be detectable in the flash image.
Also, my memory is a little fuzzy on how early, in POST, the system's security actually begins. So it may be theoretically possible to design and build a new payload to remove/replace into the image. However, in my experience, there can be some real compatibility challenges between the version of libpayload used and the coreboot (SageBIOS) source.
Sorry that I don't have better news for you.
Marshall
On Fri, Feb 28, 2025 at 11:59 AM David Hendricks <david.hendricks@gmail.com> wrote:
Hi Andrea,
Is this actually a PC? A little Googling makes me think it's a gaming machine which may explain the "igt_secure" payload, in which case it may be designed to phone home or do some validation before booting the OS.
I think Paul has the right idea - see if it will boot from USB or whatever other media is available. If you can flash the firmware image then you can try swapping the payload with something else; the 16MB ROM should even be big enough to fit a minimal Linux kernel if you don't have ports for USB, SATA, etc. in that device.
The CPU is a Haswell which is still fairly popular in coreboot. If you have detailed hardware information then you might try to add a new mainboard target for your system. There are several examples in the src/mainboard directory and on review.coreboot.org (search for HASWELL).
I have never heard of `igt_secure`. As you can access the dump, you can at least build the payload yourself, and replace `fallback/payload` or add it under `img/`. Maybe that works. No idea if the keys/hashes verify anything from this.