https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269016#M3363 <P>Hi Fred</P><P></P><P>Please check <A href="https://software.intel.com/en-us/blogs/2012/09/25/how-to-enable-an-intel-trusted-execution-technology-capable-server">https://software.intel.com/en-us/blogs/2012/09/25/how-to-enable-an-intel-trusted-execution-technology-capable-server</A> How to Enable an Intel® Trusted Execution Technology Capable Server</P><P></P><P>And make sure to enable TXT Technology in system configuration.</P><P></P><P>We will upload the Document Number: 515108 <B>Bay Trail T/I Platform, Manufacturing Recommendation for Intel® Trusted Execution Engine (Intel® TXE) Firmware, Guidelines and Recommendations </B>to EDC Library, we will let you know as soon as the file is available.</P><P></P><P>Best Regards.</P><P>Josue.</P> Wed, 11 Mar 2015 18:05:53 GMT Josue_C_Intel 2015-03-11T18:05:53Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269013#M3360 <P>Hi All,</P><P></P><P>I am looking for a way to take advantage of the hardware root of trust provided by the TXE to securely store platform keys. In the E3800 datasheet, under Section 22 titled "Intel Trusted Execution Engine (TXE)", "Chip Unique Key encryption key wrapping of other platform keys (Flash)" is listed as a supported feature by the firmware. This is exactly what we need in our application. However, we cannot find any documentation on how to enable this functionality. I'm hoping that someone in this forum will be able to point me to the right direction.</P><P></P><P>I had originally hoped to get this functionality via Intel PTT and TPM2.0. However, in another thread, Josue helped me discover that the Bay Trail-I E3845 SoC does not actually support PTT over TXE. So I'm back to asking this more fundamental question of just how to enable hardware key wrapping using TXE.</P><P></P><P>Thanks, Fred Young</P> Mon, 09 Mar 2015 20:42:03 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269013#M3360 FYoun1 2015-03-09T20:42:03Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269014#M3361 <P>Hi <B>Fred</B></P><P></P><P>We are working this case, we will let you know any update as soon as possible.</P><P></P><P>Regards.</P><P>Josue.</P> Tue, 10 Mar 2015 22:51:34 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269014#M3361 Josue_C_Intel 2015-03-10T22:51:34Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269015#M3362 <P>Hi Fred </P><P></P><P>What is the current TXE firmware version installed on the system?</P><P></P><P>Regards.</P><P>Josue.</P> Wed, 11 Mar 2015 16:10:26 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269015#M3362 Josue_C_Intel 2015-03-11T16:10:26Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269016#M3363 <P>Hi Fred</P><P></P><P>Please check <A href="https://software.intel.com/en-us/blogs/2012/09/25/how-to-enable-an-intel-trusted-execution-technology-capable-server">https://software.intel.com/en-us/blogs/2012/09/25/how-to-enable-an-intel-trusted-execution-technology-capable-server</A> How to Enable an Intel® Trusted Execution Technology Capable Server</P><P></P><P>And make sure to enable TXT Technology in system configuration.</P><P></P><P>We will upload the Document Number: 515108 <B>Bay Trail T/I Platform, Manufacturing Recommendation for Intel® Trusted Execution Engine (Intel® TXE) Firmware, Guidelines and Recommendations </B>to EDC Library, we will let you know as soon as the file is available.</P><P></P><P>Best Regards.</P><P>Josue.</P> Wed, 11 Mar 2015 18:05:53 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269016#M3363 Josue_C_Intel 2015-03-11T18:05:53Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269017#M3364 <P>Hi! I see 515108 is already on the EDC. It can be found typing 515108 in the search box or here is the URL: <A href="https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-t-i-manufacturing-rec-txe-firmware.html?wapkw=515108">https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-t-i-manufacturing-rec-txe-firmware.html?wapkw=515108</A> <A href="https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-t-i-manufacturing">https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-t-i-manufacturing</A>… This document is classified as "Intel Confidential."</P> Wed, 11 Mar 2015 18:10:33 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269017#M3364 Natalie_Z_Intel 2015-03-11T18:10:33Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269018#M3365 <P>Hi Josue,</P><P></P><P>Regarding the TXE firmware version; we've tried version 1.0.2.1067 from BAY_TRAIL_FSP_KIT_GOLD3.tgz and version 1.1.0.1089 from 543843_BYT_I_DUAL_BOOT_TXE_KIT_GOLD_RELEASE_1.1.0.1089.tar.</P><P></P><P>&nbsp;</P><P>Fred Young</P> Thu, 12 Mar 2015 16:40:56 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269018#M3365 FYoun1 2015-03-12T16:40:56Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269019#M3366 <P>Hi Josue,</P><P></P><P>I don't think TXT applies to Bay Trail SoCs. Also, we already have document 515108_ByTti_TXEMfgRecomm_Rev1p2.pdf; that just tells us how to use the manufacturing tools but not about how to accomplish key wrapping.</P><P></P><P>Thanks, Fred Young</P> Mon, 16 Mar 2015 18:23:31 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269019#M3366 FYoun1 2015-03-16T18:23:31Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269020#M3367 <P>Hi Fred</P><P></P><P>We have found Document # 543572 Intel® TXE Slim FW and tools for Intel® Atom™ Processor, E3800 (Bay Trail-I) Product Family. </P><P>From section 2.5 Intel® TXE Setting Checker Tool. <I><B>This tool retrieves and displays information about some of the Intel® TXE settings, the Intel® TXE FW version, and the FW capability on the platform.</B></I></P><P>From section 6 Intel® TXEInfo. <B><I>This tool Intel TXEInfo provide a simple test to check whether the Intel® TXE FW is alive or not.</I></B></P><P></P><P>We will let you know as soon as the tool is available in EDC Library.</P><P></P><P>Regards.</P><P>Josue.</P> Mon, 16 Mar 2015 22:25:06 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269020#M3367 Josue_C_Intel 2015-03-16T22:25:06Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269021#M3368 <P>Hi Fred</P><P></P><P>&nbsp;</P><P>While we're waiting for 543572 to be uploaded you may find document # 527101 helpful .</P><P><A href="https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-m-d-i-soc-linux-txe-firmware-guide.html">https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-m-d-i-soc-linux-txe-firmware-guide.html</A> Intel® Atom™ Processor E3800 Product Family/ Intel® Celeron® Processor N2920/J1900– Linux System Tools for Intel® Trusted Execution Engine Firmware</P><P>&nbsp;</P><P><A href="https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-m-d-i-soc-linux-txe-firmware-guide.html">https://www-ssl.intel.com/content/www/us/en/secure/intelligent-systems/privileged/bay-trail/atom-e3800-m-d-i-soc-linux-txe-firmware-guide.html</A> User Guide</P><P></P><P>Regards.</P><P>Josue.</P> Mon, 16 Mar 2015 23:20:00 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269021#M3368 Josue_C_Intel 2015-03-16T23:20:00Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269022#M3369 <P>Hi Josue,</P><P></P><P>We understand that Bay Trail E3845 (Bay Trail I) has a number of Field programmable fuses that can be set by certain tools provided by Intel.</P><P></P><P>The Intel Trusted Execution Engine Bring-Up Guide, 515108_ByTti_TXEMfgRecomm_Rev1p2.pdf, lists the "Fuse file IDs" that can be specified in the FPF configuration file, for example, OEM_KEY_HASH_1.</P><P></P><P>We would like to know if there are unused fuses in Bay Trail that could be used to store other OEM-specific information.</P><P></P><P>Thanks, Fred Young</P> Wed, 18 Mar 2015 23:09:16 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269022#M3369 FYoun1 2015-03-18T23:09:16Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269023#M3370 <P>Hi Fred</P><P></P><P>&nbsp;</P><P>Document <A href="https://www-ssl.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-txe-slim-fw-and-tools.html">https://www-ssl.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-txe-slim-fw-and-tools.html</A> # 543572 Intel® TXE Slim FW and tools for Intel® Atom™ Processor, <A href="https://www-ssl.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-txe-slim-fw-and-tools.html">https://www-ssl.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-txe-slim-fw-and-tools.html</A> E3800 (Bay Trail-I) Product Family is now available in EDC Library.</P><P></P><P>&nbsp;</P><P>We still working in your thread, please stay tuned.</P><P></P><P>&nbsp;</P><P>Best Regards.</P><P>Josue.</P><P>&nbsp;</P> Fri, 20 Mar 2015 17:32:51 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269023#M3370 Josue_C_Intel 2015-03-20T17:32:51Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269024#M3371 <P>FYI, FredYoung - we added a user guide to the EDC, <A href="http://www.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-m-d-t-soc-txe-firmware-guide.html">http://www.intel.com/content/www/us/en/secure/embedded/nda/products/bay-trail/atom-e3800-m-d-t-soc-txe-firmware-guide.html</A> Bay Trail-M/D/T SoC - System Tools for Intel® Trusted Execution Engine Firmware. It is classified as Intel Confidential.</P> Fri, 20 Mar 2015 18:57:39 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269024#M3371 Natalie_Z_Intel 2015-03-20T18:57:39Z https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269025#M3372 <P>Hello Fred Young</P><P></P><P>There is no reference to additional fuses that could be used to store other OEM-specific information.</P><P></P><P>As mentioned in section 2.1.7 FPF Programming </P><P></P><P><I>"This fuse is one time programmable inside Bay Trail SoC ... and should not be change after manufacturing and shipment."</I></P><P></P><P>Best Regards,</P><P>Josue.</P> Mon, 23 Mar 2015 17:37:26 GMT https://community.intel.com/t5/Embedded-Intel-Atom-Processors/Using-Bay-Trail-TXE-for-secure-key-wrapping/m-p/269025#M3372 Josue_C_Intel 2015-03-23T17:37:26Z