Embedded Intel® Core™ Processors
Communicate Intel® Core™ Hardware, Software, Firmware, Graphics Concerns
1324 Discussions

Intel Boot Guard, devkit, MFIT and related tools

Kgb
Beginner
2,042 Views

Hi

 

We are building a secure bootloader that must be verified by Intel Boot Guard.

This document: "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/key-usage-in-integrated-firmware-images.html" says:

"Thus, Intel provides special tools to allow the OEM to specify their boot policy and public key hash value."

Where can I find these special tools?

 

Thanks

0 Kudos
2 Replies
Diego_INTEL
Moderator
1,909 Views

Hello @Kgb,

 

Thank you for contacting Intel Embedded Community.

 

I think it is referring to the CSME package and the FIT tool to build the corresponding image.

 

You will need a Premier account in order to get access to the documentation.

https://www.intel.com/content/www/us/en/support/articles/000058073/programs/resource-and-documentation-center.html

 

Best regards,

 

@Diego_INTEL 

0 Kudos
Kgb
Beginner
901 Views

Hi @Diego_INTEL 

 

I have a premier account. I also note that the stitch tool from SBL says:

"This is an IFWI stitch config script for Slim Bootloader For the FIT tool and

stitching ingredients listed in step 2 below, please contact your Intel representative."
 
"Intel provides OEMs, ODMs, and Independent BIOS Vendors (IBVs) source code and binary code modules that serve as a reference for how to develop system BIOS and other platform FW, as well as tools to manage the setup and configuration of that firmware. Intel provides training and reference documentation to educate customers on recommended methods for how to develop a properly configured and secure system.

In the reference code provided for the above purposes, Intel included documentation and examples for how to build the reference version of the firmware, including example keys to demonstrate the process. The documentation enumerated the process necessary to build a production level IFWI"

 

So, I'm reaching out and I also reached out to Intel Support but they just referred me to this community forum.
 
Please point me to these "ingredients", reference documentation etc.
 
Thanks
 
 

 

0 Kudos
Reply