# Intel Trusted Execution Technology

Intel TXT allows:

1. Attestation of the authenticity of a platform and its operating system.
2. Assuring that an authentic operating system starts in a
   trusted environment, which can then be considered trusted.
3. Providing a trusted operating system with additional
   security capabilities not available to an unproven one.

Intel TXT requirements:

1. Intel TXT requires a **TPM** to measure parts of the firmware before it is
   run on the BSP.
2. Intel TXT requires signed **Authenticated Code Modules** ([ACM]s), provided
   by Intel.
3. Intel TXT requires **CPU and Chipset** support (supported since
   Intel Core 2 Duo/ICH9).

## Authenticated Code Modules

The ACMs are Intel digitally signed modules that contain code to be run
before the traditional x86 CPU reset vector.

More details can be found here: [Intel ACM].

## Modified bootflow with Intel TXT

With Intel TXT the first instruction executed on the BSP isn't the
*reset vector*, but the [Intel ACM].
It initializes the TPM and measures parts of the firmware, the IBB.

### Marking the Initial Boot Block

Individual files in the CBFS can be marked as IBB.

More details can be found in the [Intel TXT IBB] chapter.

### Measurements

The IBBs (Initial Boot Blocks) are measured into the TPM's PCR0 by the BIOS [ACM]
before the CPU reset vector is executed. To identify the regions that need
to be measured, the [FIT] contains one or more *Type 7* entries that
point to the IBBs.

### Authentication

After the IBBs have been measured, the ACM decides whether the boot firmware is
trusted. There are two validation modes:

1. HASH Autopromotion
   * Uses a known good HASH stored in TPM NVRAM
   * Does not allow booting a fallback IBB
2. Signed BIOS policy
   * Uses a signed policy stored in flash containing multiple HASHes
   * The HASH of the BIOS policy's public key is burned into the TPM by the manufacturer
   * Can be updated by firmware
   * Allows booting a fallback IBB

At the moment only *Autopromotion mode* is implemented and well tested.

In the next step the ACM terminates and the regular x86 CPU reset vector
is executed on the BSP.

### Protecting Secrets in Memory

Intel TXT sets the `Secrets in Memory` bit whenever the launch of the SINIT
ACM was successful.
The bit is reset when leaving the *MLE* by a regular shutdown or by removing
the CMOS battery.

When the `Secrets in Memory` bit is set and the IBB isn't trusted, the memory
controller won't be unlocked, resulting in a platform that cannot access DRAM.

When the `Secrets in Memory` bit is set and the IBB is trusted, the memory
controller will be unlocked, and it is the responsibility of the firmware to
[clear all DRAM] and wipe any secrets of the MLE.
The platform will be reset after all DRAM has been wiped and will boot
with the `Secrets in Memory` bit cleared.

### Configuring protected regions for SINIT ACM

The memory regions used by the SINIT ACM need to be prepared and protected
against DMA attacks.
The SINIT ACM as well as the SINIT handoff data are placed in memory.

### Locking TXT register

As the last step the TXT registers are locked.

Whenever the SINIT ACM is invoked, it verifies that the hardware is in the
correct state. If it is not, the SINIT ACM resets the platform.
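The following is an added example, not coreboot or Intel code, that models the *Measurements* and *Authentication* steps above: it parses constructed FIT *Type 7* entries, hashes the IBB regions they point to, extends the digest into a PCR0 model and applies an Autopromotion check against a single known-good hash. The hash algorithm, the flash base address and the exact bytes the ACM feeds into the hash are simplifying assumptions; the real ACM follows Intel's specification.

```python
import hashlib
import struct

# Simplified model (added example, not coreboot or Intel code) of the BIOS ACM
# measuring the IBB regions named by FIT Type 7 entries into PCR0 and checking
# the result the way HASH Autopromotion does: one known-good digest in TPM NVRAM.
FIT_TYPE_IBB = 7            # FIT "BIOS Startup Module" entry type
FLASH_BASE = 0xFFFF0000     # assumed: 64 KiB flash mapped just below 4 GiB

def fit_entries(fit: bytes):
    """Yield (type, address, size) for each raw 16-byte FIT entry.
    Layout: u64 address, u24 size, u8 reserved, u16 version,
    u8 type (bit 7 is the checksum-valid flag), u8 checksum."""
    for off in range(0, len(fit), 16):
        addr, size, _rsv, _ver, type_cv, _csum = struct.unpack_from("<Q3sBHBB", fit, off)
        yield type_cv & 0x7F, addr, int.from_bytes(size, "little")

def make_fit(regions):
    """Constructed FIT: header entry followed by one Type 7 entry per (addr, size)."""
    hdr = struct.pack("<8s3sBHBB", b"_FIT_   ", (len(regions) + 1).to_bytes(3, "little"), 0, 0x100, 0, 0)
    body = b"".join(struct.pack("<Q3sBHBB", a, s.to_bytes(3, "little"), 0, 0x100, FIT_TYPE_IBB, 0)
                    for a, s in regions)
    return hdr + body

def measure_ibb(flash: bytes, fit: bytes) -> bytes:
    """Hash every Type 7 region in FIT order; the result is the IBB measurement."""
    h = hashlib.sha256()
    for typ, addr, size in fit_entries(fit):
        if typ == FIT_TYPE_IBB:
            off = addr - FLASH_BASE
            h.update(flash[off:off + size])
    return h.digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def autopromotion_ok(flash: bytes, fit: bytes, known_good: bytes) -> bool:
    """Autopromotion accepts exactly one digest, so a fallback IBB can never match."""
    return measure_ibb(flash, fit) == known_good

def boot_demo(tamper: bool):
    """Returns (ibb_trusted, pcr0_hex) for a constructed image, optionally modified."""
    flash = bytearray(b"\xff" * 0x10000)                   # constructed 64 KiB image
    flash[0x1000:0x1100] = b"bootblock-code".ljust(0x100, b"\x90")
    flash[0xF000:0xF100] = b"reset-vector-stub".ljust(0x100, b"\x90")
    fit = make_fit([(FLASH_BASE + 0x1000, 0x100), (FLASH_BASE + 0xF000, 0x100)])
    known_good = measure_ibb(bytes(flash), fit)            # provisioned into TPM NVRAM
    if tamper:
        flash[0x1005] ^= 0x01                               # single-bit change inside the IBB
    pcr0 = pcr_extend(b"\x00" * 32, measure_ibb(bytes(flash), fit))
    return autopromotion_ok(bytes(flash), fit, known_good), pcr0.hex()
```

Bytes outside the Type 7 regions (the `0xff` filler here) do not affect the measurement, which is why every file that must be trusted before the reset vector has to be marked as IBB.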
## For developers

### Configuring Intel TXT in Kconfig

Enable `INTEL_TXT` and set the following:

* `INTEL_TXT_BIOSACM_FILE` to the path of the BIOS ACM provided by Intel
* `INTEL_TXT_SINITACM_FILE` to the path of the SINIT ACM provided by Intel

### Print TXT status as early as possible

Add platform code to print the TXT status as early as possible, as the register
is cleared on cold reset.

## References

More information can be found here:

* [Intel TXT Software Development Guide]
* [Intel TXT enabling]
* [FIT]
* [Intel TXT Lab Handout]

[Intel TXT IBB]: txt_ibb.md
[FIT]: ../../soc/intel/fit.md
[Intel ACM]: acm.md
[ACM]: acm.md
[FIT table]: ../../soc/intel/fit.md
[clear all DRAM]: ../memory_clearing.md
[Intel TXT Lab Handout]: https://downloadmirror.intel.com/18931/eng/Intel%20TXT%20LAB%20Handout.pdf
[Intel TXT Software Development Guide]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
[Intel TXT enabling]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/txt-enabling-guide.pdf