https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1263245#M8362 <P>Hello Jon-xelex,</P><P><BR /></P><P>Thank you for joining the Intel community</P><P><BR /></P><P>Please allow us a bit of time in order to research on your question. We will get back to you soon.</P><P><BR /></P><P>Regards</P><P><BR /></P><P>Jose A.</P><P>Intel Customer Support Technician</P><P><I>For firmware updates and troubleshooting tips, visit:</I></P><P><I><A href="https://intel.com/support/serverbios" target="_blank">https://intel.com/support/serverbios</A></I></P><BR /> Thu, 11 Mar 2021 00:22:58 GMT JoseH_Intel 2021-03-11T00:22:58Z https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1262209#M8355 <DIV class="lia-quilt-row lia-quilt-row-message-body"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-message-body-content"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV id="bodyDisplay" class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"> <DIV class="lia-message-body-content"> <P>I recently start develop BIOS for the new Tiger Lake CPU. I want to enable Intel Boot Guard technology to make platform much more secure, but I encounter one concept that baffle me in Boot Guard: Key Manifest.</P> <P>I reference <EM>Intel® Converged Boot Guard and Intel® Trusted ExecutionTechnology (Intel® TXT)</EM> (doc no 575623) document and it mentions a concept called Key Manifest, which stores hashed public key to verify Boot Policy Manifest components. Then I reference <EM>Tiger Lake and Rocket Lake Signing and Manifesting Guide </EM>for a clue about how signature work and how to make one. I encountered concept Key Manifest again in <EM>Tiger Lake and Rocket Lake Signing and Manifesting Guide</EM> (interestingly, this Key Manifest is called <EM>OEM Key Manifest</EM>), which contains hashed public key for firmware component (ISH, OS BootLoader, iUnit, Audio, ME...). Moreover, I compared structure of Key Manifest between two mentioned documents and they are different!</P> <P>I want to know if there are actually two different Key Manifests for two different purposes:</P> <P>- One for Intel Boot Guard (Key Manifest -&gt; Boot Policy Manifest -&gt; Initial Boot Block)</P> <P>- One for verify firmware components (Key Manifest -&gt; Firmware components). This Key Manifest is also called OEM Key Manifest</P> <P>Beside, I'd like to know if it happens that there are two different Key Manifest, are their signature's public key come from same Field Programmable Fuses (FPF)?</P> <P>Thank you!</P> </DIV> </DIV> </DIV> </DIV> </DIV> Mon, 08 Mar 2021 02:25:22 GMT https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1262209#M8355 Jon-xelex 2021-03-08T02:25:22Z https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1263245#M8362 <P>Hello Jon-xelex,</P><P><BR /></P><P>Thank you for joining the Intel community</P><P><BR /></P><P>Please allow us a bit of time in order to research on your question. We will get back to you soon.</P><P><BR /></P><P>Regards</P><P><BR /></P><P>Jose A.</P><P>Intel Customer Support Technician</P><P><I>For firmware updates and troubleshooting tips, visit:</I></P><P><I><A href="https://intel.com/support/serverbios" target="_blank">https://intel.com/support/serverbios</A></I></P><BR /> Thu, 11 Mar 2021 00:22:58 GMT https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1263245#M8362 JoseH_Intel 2021-03-11T00:22:58Z https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1263472#M8363 <P>Jon-xelex, Thank you for posting in the Intel® Communities Support.</P><P><BR /></P><P>In order for us to be able to provide the most accurate support on this matter, please visit, sign-in and submit your inquiry in our Intel® Developer Zone site, they will further assist you with this topic ion there:</P><P><A href="https://software.intel.com/content/www/us/en/develop/home.html" target="_blank">https://software.intel.com/content/www/us/en/develop/home.html</A></P><P><BR /></P><P>Regards,</P><P>Albert R.</P><P><BR /></P><P>Intel Customer Support Technician</P><P><BR /></P><BR /> Thu, 11 Mar 2021 18:25:43 GMT https://community.intel.com/t5/Intel-vPro-Platform/Are-there-two-different-Key-Manifests/m-p/1263472#M8363 Alberto_Sykes 2021-03-11T18:25:43Z