Hi,
On 03/16/2017 07:44 AM, Rafael Machado wrote:
/"Intel Boot Guard is intended to protect against this scenario. When your CPU starts up, it reads some code out of flash and executes it. With Intel Boot Guard, the CPU verifies a signature on that code before executing it[1]. The hash of the public half of the*_signing key is flashed into fuses on the CPU_*. It is the system vendor that owns this key and chooses to flash it into the CPU, not Intel. "/ / / / / I would just like to know if some intel spec or something similar has more details about the place this key can be stored. Does anyone here have this information?
I believe that is stored in FPF (Field Programmable Fuses). There are some details here: https://embedded.communities.intel.com/thread/8670
Best, Andrey
Thanks a lot Andrey!
Em qui, 16 de mar de 2017 às 12:07, Andrey Petrov andrey.petrov@intel.com escreveu:
Hi,
On 03/16/2017 07:44 AM, Rafael Machado wrote:
/"Intel Boot Guard is intended to protect against this scenario. When your CPU starts up, it reads some code out of flash and executes it. With Intel Boot Guard, the CPU verifies a signature on that code before executing it[1]. The hash of the public half of the*_signing key is flashed into fuses on the CPU_*. It is the system vendor that owns this key and chooses to flash it into the CPU, not Intel. "/ / / / / I would just like to know if some intel spec or something similar has more details about the place this key can be stored. Does anyone here have this information?
I believe that is stored in FPF (Field Programmable Fuses). There are some details here: https://embedded.communities.intel.com/thread/8670
Best, Andrey
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot