Intel® Trusted Execution Technology (Intel® TXT)
For questions and discussion on Intel® Trusted Execution Technology
19 Discussions

Which chip stores FPF/Boot Guard OEM keys?

iws
Beginner
‎03-13-2023 06:58 AM
1,500 Views

Hi, I bought a computer a couple years ago that I recently used Intel's official tools to tell if it had Boot Guard enabled. My original plan was to port and flash Coreboot onto this machine, but due to the presence of Boot Guard this is not possible, so I am stuck with OEM UEFI. If I wanted to "disable" it, would I have to replace the PCH, the CPU, or the PCH and the CPU? Reading through the CSME whitepaper, it seems that the FPF keys are burned into the PCH but I'm not sure if I'm interpreting this correctly. Other experts have previously said that FPF keys are burned into the CPU. I'm not super interested in buying a new PC, and chipsets are available for cheap.

 

So, to reiterate my question: do I need to replace the CPU and the PCH or just the PCH to disable Boot Guard?

0 Kudos

Link Copied

2 Replies
innov_systems
Beginner
‎04-30-2023 12:11 PM
1,297 Views

If it's a laptop, I believe the PCH and CPU are combined, if it's a desktop, you can replace the PCH and you should be good to go.

0 Kudos
Copy link
kimj
Beginner
‎12-20-2023 10:14 PM
470 Views

How to replace same thing if I have laptop?

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.