<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Secure Boot attributes in Intel® Trusted Execution Technology (Intel® TXT)</title>
    <link>https://community.intel.com/t5/Intel-Trusted-Execution/Secure-Boot-attributes/m-p/1603968#M56</link>
    <description>Secure Boot attributes in Intel® Trusted Execution Technology (Intel® TXT): a question from an IBV about the undocumented permission bits used by the secure boot features.</description>
    <pubDate>Wed, 05 Jun 2024 06:17:00 GMT</pubDate>
    <dc:creator>B-OatPQURE</dc:creator>
    <dc:date>2024-06-05T06:17:00Z</dc:date>
    <item>
      <title>Secure Boot attributes</title>
      <link>https://community.intel.com/t5/Intel-Trusted-Execution/Secure-Boot-attributes/m-p/1603968#M56</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;The secure boot features use some attributes that are not described anywhere. Here are my own definitions; they may not match Intel internal names, but the bits are correct.&lt;/P&gt;&lt;PRE&gt;/*
 * Security attributes (one flag per bit; names are my own)
 */
#define IA_UNTRUSTED        0x00000001
#define IA_UCODE            0x00000002
#define IA_SMM              0x00000004
#define UCODE_NPP           0x00000008
#define IA_BOOT             0x00000010
/* bits 5 and 6 (0x20, 0x40) have no name here but fall inside ALL_CPU_ACCESS */
#define IA_XUCODE           0x00000080
#define ALL_CPU_ACCESS      0x000000FF
#define PUNIT_TRUSTED       0x00000100
#define SEC_TRUSTED         0x00000200
#define DRM                 0x00000400
#define FUSESTRAP_PULLER    0x00000800
#define FUSE_PROVIDER       0x00001000
#define STRAP_PROVIDER      0x00002000
#define DFX_UNTRUSTED       0x00004000
#define DFX_TRUSTED         0x00008000
#define PMC_TRUSTED         0x00010000
#define DRANG               0x00020000
#define ISH_TRUSTED         0x00040000
#define ALL_ACCESS          0x0007FFFF   /* bits 0..18 */
&lt;/PRE&gt;&lt;P&gt;I need to know what they mean and the intentions behind their use, in order to implement secure boot and its features in our BIOS. As we are an IBV (Independent BIOS Vendor), we should be entitled to the information that the other IBVs have access to.&lt;/P&gt;&lt;P&gt;As I understand it, the bits above determine permissions to features in the hardware. For bringup you use some permissions to reduce restrictions, and for production you will use other permissions for harder restrictions.&lt;/P&gt;&lt;P&gt;There must be a document describing how these bits are used, and it must be in Intel's interest that IBVs implement full support for secure boot.&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;B-O Bergman&lt;/P&gt;&lt;P&gt;PQURE Technology&lt;/P&gt;</description>
      <pubDate>Wed, 05 Jun 2024 06:17:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Trusted-Execution/Secure-Boot-attributes/m-p/1603968#M56</guid>
      <dc:creator>B-OatPQURE</dc:creator>
      <dc:date>2024-06-05T06:17:00Z</dc:date>
    </item>
  </channel>
</rss>