[coreboot] Question about PK location

Andrey Petrov andrey.petrov at intel.com
Thu Mar 16 16:05:59 CET 2017


Hi,

On 03/16/2017 07:44 AM, Rafael Machado wrote:

> "Intel Boot Guard is intended to protect against this scenario. When
> your CPU starts up, it reads some code out of flash and executes it.
> With Intel Boot Guard, the CPU verifies a signature on that code before
> executing it[1]. The hash of the public half of the *signing key is
> flashed into fuses on the CPU*. It is the system vendor that owns this
> key and chooses to flash it into the CPU, not Intel."
>
> I would just like to know if some Intel spec or something similar has
> more details about the place this key can be stored.
> Does anyone here have this information?

I believe that is stored in FPF (Field Programmable Fuses).
There are some details here:
https://embedded.communities.intel.com/thread/8670

Best,
Andrey
