fa0ef81d15
Change-Id: I9e9606d0e4294ad3552ec3b3b44629f9e732d82b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Intel Authenticated Code Modules
The Authenticated Code Modules (ACMs) are Intel digitally signed modules that contain code to be run before the traditional x86 CPU reset vector. The ACMs can be invoked at runtime through the GETSEC instruction, too.
A platform that wants to use Intel TXT must use two ACMs:
- BIOS ACM
  - The BIOS ACM must be present in the boot flash.
  - The BIOS ACM must be referenced by the FIT.
- SINIT ACM
Retrieving ACMs
The ACMs can be downloaded from Intel's website: Intel Trusted Execution Technology
If you want to extract the ACM blob from vendor firmware, you can search the firmware image for the string LCP_POLICY_DATA or TXT.
Header
Every ACM has a fixed size header:
```c
#include <stdint.h>

/*
 * ACM Header v0.0 without dynamic part
 * Chapter A.1
 * Intel TXT Software Development Guide (Document: 315168-015)
 *
 * __packed is coreboot's macro for __attribute__((packed)); the header is
 * read straight from the flash image, so no padding may be inserted.
 */
struct acm_header_v0 {
	uint16_t module_type;
	uint16_t module_sub_type;
	uint32_t header_len;		/* header length in dwords */
	uint16_t header_version[2];
	uint16_t chipset_id;
	uint16_t flags;
	uint32_t module_vendor;		/* 0x8086 for Intel */
	uint32_t date;			/* BCD yyyymmdd */
	uint32_t size;			/* module size including header, in dwords */
	uint16_t txt_svn;
	uint16_t se_svn;
	uint32_t code_control;
	uint32_t error_entry_point;
	uint32_t gdt_limit;
	uint32_t gdt_ptr;
	uint32_t seg_sel;
	uint32_t entry_point;
	uint8_t reserved2[63];
} __packed;
```
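Added example, not code from the coreboot tree or the Intel documentation: a small parser that reads the fixed part of this header from a raw blob with explicit little-endian loads (rather than casting the blob to the packed struct) and rejects blobs whose vendor id is not Intel's or whose declared dword sizes do not fit the blob, including a header_len or size large enough to wrap a 32-bit byte count. The sample header it builds is constructed for the example and is not a real ACM.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed ACM header fields this example reads (byte offsets 0..55). */
struct acm_fixed {
	uint16_t module_type;
	uint32_t header_len, module_vendor, date, size, entry_point;
};

/* Little-endian loads, so the blob is never cast to the packed struct. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse the fixed header of a blob_len-byte ACM. header_len and size are in
 * dwords (Intel TXT SDG). Returns 0 on success, -1 if the blob is too short,
 * -2 if module_vendor is not Intel's 0x8086, -3 if the declared sizes do not
 * fit inside the blob. */
int acm_parse_header(const uint8_t *blob, size_t blob_len, struct acm_fixed *h)
{
	if (blob_len < 56)
		return -1;
	h->module_type = rd16(blob + 0);
	h->header_len = rd32(blob + 4);
	h->module_vendor = rd32(blob + 16);
	h->date = rd32(blob + 20);		/* BCD yyyymmdd, e.g. 0x20190219 */
	h->size = rd32(blob + 24);
	h->entry_point = rd32(blob + 52);
	if (h->module_vendor != 0x8086)
		return -2;
	/* 64-bit math so a huge dword count cannot wrap the byte count. */
	uint64_t hdr_bytes = (uint64_t)h->header_len * 4;
	uint64_t mod_bytes = (uint64_t)h->size * 4;
	if (hdr_bytes < 56 || hdr_bytes > mod_bytes || mod_bytes > blob_len)
		return -3;
	return 0;
}

/* Constructed sample (not a real ACM): zero buf[0..len) and write a header
 * with header_len = 32 dwords and size = size_dwords. */
void acm_build_sample(uint8_t *buf, size_t len, uint32_t size_dwords)
{
	memset(buf, 0, len);
	buf[0] = 2;					/* module_type 2: chipset ACM */
	buf[4] = 32;					/* header_len = 32 dwords */
	buf[16] = 0x86; buf[17] = 0x80;			/* module_vendor = 0x8086 */
	buf[20] = 0x19; buf[21] = 0x02; buf[22] = 0x19; buf[23] = 0x20; /* 2019-02-19 */
	for (int i = 0; i < 4; i++)
		buf[24 + i] = (uint8_t)(size_dwords >> (8 * i));
	buf[52] = 0x80;					/* entry_point = 0x80 */
}
```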