[coreboot] Question about PK location

Rafael Machado rafaelrodrigues.machado at gmail.com
Thu Mar 16 15:44:43 CET 2017

Hi everyone

I have a question, not 100% related to coreboot, but since the more skilled
persons I know are here, I would like to ask someone's help if possible.

I was search and trying to understand how does secureboot works. And during
this work I found this post: https://mjg59.dreamwidth.org/33981.html

And since this post is from someone I really respect (Mathew Garret), I
believed on what was said.

There we have the following sentence:

*"Intel Boot Guard is intended to protect against this scenario. When your
CPU starts up, it reads some code out of flash and executes it. With Intel
Boot Guard, the CPU verifies a signature on that code before executing
it[1]. The hash of the public half of the signing key is flashed into fuses
on the CPU. It is the system vendor that owns this key and chooses to flash
it into the CPU, not Intel.  "*

I would just like to know if some intel spec or something similar has more
details about the place this key can be stored.
Does anyone here have this information?

Thanks and Regards
Rafael R. Machado
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20170316/95e6a095/attachment.html>

More information about the coreboot mailing list