Intel® Trusted Execution Technology (Intel® TXT)
For questions and discussion on Intel® Trusted Execution Technology

Secure Boot attributes




The secure boot features use some attributes that are not described anywhere. Here are my own definitions; they may not match Intel's internal names, but the bits are correct.

/* Security attributes (bit flags; names are my own) */
#define IA_UNTRUSTED        0x00000001
#define IA_UCODE            0x00000002
#define IA_SMM              0x00000004
#define UCODE_NPP           0x00000008
#define IA_BOOT             0x00000010
#define IA_XUCODE           0x00000080
#define ALL_CPU_ACCESS      0x000000FF  /* mask of bits 0..7 */
#define PUNIT_TRUSTED       0x00000100
#define SEC_TRUSTED         0x00000200
#define DRM                 0x00000400
#define FUSESTRAP_PULLER    0x00000800
#define FUSE_PROVIDER       0x00001000
#define STRAP_PROVIDER      0x00002000
#define DFX_UNTRUSTED       0x00004000
#define DFX_TRUSTED         0x00008000
#define PMC_TRUSTED         0x00010000
#define DRANG               0x00020000
#define ISH_TRUSTED         0x00040000
#define ALL_ACCESS          0x0007FFFF  /* mask of bits 0..18 */


I need to know what they mean and the intentions behind their use, in order to implement secure boot and its features in our BIOS. As we are an IBV (Independent BIOS Vendor), we should be entitled to the information that the other IBVs have access to.


As I understand it, the bits above determine permissions for features in the hardware. For bring-up you use some permissions to reduce restrictions, and for production you use other permissions for stricter restrictions.


There must be a document on how these bits are used, and it is in Intel's interest that IBVs implement full support for secure boot.




B-O Bergman

PQURE Technology 
