[coreboot] Question about PK location

Rafael Machado rafaelrodrigues.machado at gmail.com
Thu Mar 16 20:37:09 CET 2017


Thanks a lot Andrey!

On Thu, 16 Mar 2017 at 12:07, Andrey Petrov <andrey.petrov at intel.com>
wrote:

> Hi,
>
> On 03/16/2017 07:44 AM, Rafael Machado wrote:
>
> > "Intel Boot Guard is intended to protect against this scenario. When
> > your CPU starts up, it reads some code out of flash and executes it.
> > With Intel Boot Guard, the CPU verifies a signature on that code before
> > executing it[1]. The hash of the public half of the signing key is
> > flashed into fuses on the CPU. It is the system vendor that owns this
> > key and chooses to flash it into the CPU, not Intel."
> >
> > I would just like to know if some intel spec or something similar has
> > more details about the place this key can be stored.
> > Does anyone here have this information?
>
> I believe that is stored in FPF (Field Programmable Fuses).
> There are some details here:
> https://embedded.communities.intel.com/thread/8670
>
> Best,
> Andrey
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://www.coreboot.org/mailman/listinfo/coreboot
>
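The verification model the quoted paragraph describes (a hash of the vendor's public key burned into fuses, and a signature over the code read from flash) worked through as an added example in Go. This is illustrative code written for this page, not coreboot's or Intel's; Ed25519 and SHA-256 are stand-ins chosen for the demonstration and say nothing about the algorithms or manifest format Boot Guard actually uses. The FusedKeyHash type plays the role of the one-time-programmable fuses Andrey refers to, and the sample boot code, the vendor key and the re-keyed image are all constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// FusedKeyHash stands in for the fuse bank: once the vendor burns the hash of
// its signing key here it cannot be rewritten, which is what lets the CPU
// distrust everything else it reads from flash. (Illustrative type only.)
type FusedKeyHash [sha256.Size]byte

// FlashImage is what the CPU finds in SPI flash: the vendor's public key, a
// signature over the boot code, and the boot code itself. All three are
// attacker-writable, so none of them is trusted on its own.
type FlashImage struct {
	PublicKey ed25519.PublicKey
	Signature []byte
	Code      []byte
}

var (
	ErrKeyMismatch  = errors.New("public key in flash does not match fused hash")
	ErrBadSignature = errors.New("signature over boot code does not verify")
)

// Provision models the vendor's one-time step: burn SHA-256(public key) into fuses.
func Provision(pub ed25519.PublicKey) FusedKeyHash {
	return FusedKeyHash(sha256.Sum256(pub))
}

// BuildImage models the vendor signing a firmware release and placing the
// key, signature and code into the flash image.
func BuildImage(priv ed25519.PrivateKey, code []byte) FlashImage {
	return FlashImage{
		PublicKey: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, code),
		Code:      code,
	}
}

// VerifyBoot is the check performed before any code from flash executes.
// Step 1 binds the key found in flash to the fused hash; step 2 binds the
// code to that key. Skipping step 1 would let anyone ship their own key
// alongside a signature that verifies under it.
func VerifyBoot(fused FusedKeyHash, img FlashImage) error {
	got := sha256.Sum256(img.PublicKey)
	if subtle.ConstantTimeCompare(got[:], fused[:]) != 1 {
		return ErrKeyMismatch
	}
	// ed25519.Verify panics on a malformed key length, so guard it explicitly.
	if len(img.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(img.PublicKey, img.Code, img.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Scenarios runs the three cases a defender cares about and returns the
// outcome of each: the genuine image, an image re-signed under a different
// key, and the genuine image with its code modified after signing.
func Scenarios() (legit, wrongKey, tampered error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fused := Provision(vendorPub)
	code := []byte("constructed sample boot block v1") // constructed sample input

	// Genuine vendor release: key matches the fuses, signature verifies.
	legit = VerifyBoot(fused, BuildImage(vendorPriv, code))

	// Flash rewritten with a different key and a signature valid under it:
	// the signature is fine, but the key hash does not match the fuses.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	wrongKey = VerifyBoot(fused, BuildImage(otherPriv, code))

	// Genuine key and signature, but one bit of the code flipped in flash.
	img := BuildImage(vendorPriv, code)
	img.Code = append([]byte(nil), img.Code...)
	img.Code[0] ^= 0x01
	tampered = VerifyBoot(fused, img)
	return legit, wrongKey, tampered
}

func main() {
	legit, wrongKey, tampered := Scenarios()
	fmt.Println("vendor image:   ", legit)
	fmt.Println("re-keyed image: ", wrongKey)
	fmt.Println("tampered image: ", tampered)
}
```

The point of the two-step check is the one the thread is circling: the public key itself can live in rewritable flash precisely because its hash lives somewhere that cannot be rewritten, so the only attack surface worth worrying about is whoever controls the provisioning of those fuses, which is the vendor rather than Intel.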