Embedded Intel® Core™ Processors
Communicate Intel® Core™ Hardware, Software, Firmware, Graphics Concerns
1326 Discussions

Intel Boot Guard, devkit, MFIT and related tools

Kgb
Beginner
‎07-23-2025 08:47 AM
2,048 Views

Hi

 

We are building a secure bootloader that must be verified by Intel Boot Guard.

This document: "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/key-usage-in-integrated-firmware-images.html" says:

"Thus, Intel provides special tools to allow the OEM to specify their boot policy and public key hash value."

Where can I find these special tools?

 

Thanks

0 Kudos

Link Copied

2 Replies
Diego_INTEL
Moderator
‎07-25-2025 02:31 PM
1,915 Views

Hello @Kgb,

 

Thank you for contacting Intel Embedded Community.

 

I think it is referring to the CSME package and the FIT tool to build the corresponding image.

 

You will need a Premier account in order to get access to the documentation.

https://www.intel.com/content/www/us/en/support/articles/000058073/programs/resource-and-documentation-center.html

 

Best regards,

 

@Diego_INTEL 

0 Kudos
Copy link
Kgb
Beginner
‎08-04-2025 08:59 AM
907 Views

Hi @Diego_INTEL 

 

I have a premier account. I also note that the stitch tool from SBL says:

"This is an IFWI stitch config script for Slim Bootloader For the FIT tool and

stitching ingredients listed in step 2 below, please contact your Intel representative."
 
"Intel provides OEMs, ODMs, and Independent BIOS Vendors (IBVs) source code and binary code modules that serve as a reference for how to develop system BIOS and other platform FW, as well as tools to manage the setup and configuration of that firmware. Intel provides training and reference documentation to educate customers on recommended methods for how to develop a properly configured and secure system.

In the reference code provided for the above purposes, Intel included documentation and examples for how to build the reference version of the firmware, including example keys to demonstrate the process. The documentation enumerated the process necessary to build a production level IFWI"

 

So, I'm reaching out and I also reached out to Intel Support but they just referred me to this community forum.
 
Please point me to these "ingredients", reference documentation etc.
 
Thanks
 
 

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.