Intel® Core™ Ultra 200V Series Processors

Datasheet, Volume 1 of 2

ID: 829568
Date: 05/27/2025
Version: 004
Classification: Confidential

Intel® Converged Boot Guard and Intel® TXT

Intel® Converged Boot Guard and Intel® TXT (Intel® CBnT) is a unification of Intel® Trusted Execution Technology (Intel® TXT) and Intel® Platform Protection Technology with Boot Guard (BtG). CBnT merges elements of Intel® TXT and BtG to enhance platform boot security, while also simplifying the implementation. Although CBnT implements some architectural changes, it is not fundamentally a new technology, but rather a fusion of existing BtG and Intel® TXT technologies.

CBnT has been designed to allow greater commonality between client and server platform implementations. Previously, the architectural implementation of Intel® TXT differed somewhat between client and server platforms, which necessitated differences in BIOS implementation depending on the platform. With CBnT, Intel has largely unified these features across client and server, giving greater alignment in the design of the BIOS and the ACMs.

Intel® Converged BtG and Intel® TXT provides both a static root of trust, for verifying the BIOS initial boot block and measuring the boot path, and a dynamic root of trust, for measuring the OS or VMM.

The purpose of BtG is to verify that the initial BIOS startup code is good, i.e., that the BIOS has not been modified, whether maliciously or inadvertently. Several Boot Profiles are supported, which differ primarily in:

  • Enforcement Policy: what actions are taken if BIOS cannot be verified.

  • Measurement Policy: whether BIOS startup code is measured into the TPM for attestation.

The primary objective of Intel® TXT is to provide a dynamic root of trust for measuring the OS or VMM, thereby enabling the platform to boot into a secure measured launch environment (MLE). Intel® TXT relies on the static root of trust provided by BtG to ensure the validity of the MLE Trusted Compute Base (TCB), which is the BIOS code that is trusted to configure the platform. Intel® TXT provides the ability to allow only a known-good OS/VMM to launch into a trusted environment via a Launch Control Policy (LCP). Once an OS/VMM is running in a trusted environment, Intel® TXT protects memory secrets against surprise reset attacks.

With the modifications made to the Intel® TXT architecture in CBnT, some of the verifications performed by BtG are now required for Intel® TXT support: verification of pre-boot objects such as the FIT, the key and policy manifests, and the startup BIOS.
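The static root of trust and the two boot-profile axes described above (enforcement and measurement), modeled as an added example in Go that is not part of this datasheet or of any Intel code: a fused OEM key hash anchors a key manifest, the key manifest authorizes the key that signs a boot policy manifest, and the boot policy manifest fixes the IBB digest; the profile then decides whether an unverified IBB executes and whether PCR0 records it. The struct layouts, the use of Ed25519 from the Go standard library in place of the real manifest signature schemes, the single-field signed messages and the sample IBB bytes are all assumptions for illustration; the FIT, which only locates these objects in flash, is not modeled.

```go
// Logical model of the Boot Guard chain: fused OEM key hash -> Key Manifest ->
// Boot Policy Manifest -> IBB. Real CBnT manifests have a defined binary layout
// and use RSA/ECDSA keys; Ed25519 and these structs are assumptions for illustration.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// KeyManifest is signed by the OEM root key and authorizes the BPM signing key.
type KeyManifest struct {
	BPMKeyHash [32]byte
	Sig        []byte
}

// BootPolicyManifest is signed by the BPM key and fixes the expected IBB digest.
type BootPolicyManifest struct {
	IBBDigest [32]byte
	Sig       []byte
}

// FlashImage is everything an attacker with SPI flash write access can change.
type FlashImage struct {
	OEMPub ed25519.PublicKey
	KM     KeyManifest
	BPMPub ed25519.PublicKey
	BPM    BootPolicyManifest
	IBB    []byte
}

type Profile struct {
	Enforce bool // halt instead of executing an IBB that failed verification
	Measure bool // extend the IBB digest into PCR0 for attestation
}

type Outcome struct {
	Booted bool
	PCR0   [32]byte // stays all-zero when nothing was measured
	Err    error    // nil when the whole chain verified
}

// BuildPlatform provisions OEM and BPM keys, signs a KM/BPM chain for ibb and
// returns the hash that would be fused into the platform plus the flash image.
func BuildPlatform(ibb []byte) (fused [32]byte, img FlashImage, err error) {
	oemPub, oemPriv, err1 := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	bpmPub, bpmPriv, err2 := ed25519.GenerateKey(nil)
	if err = errors.Join(err1, err2); err != nil {
		return fused, img, err
	}
	km := KeyManifest{BPMKeyHash: sha256.Sum256(bpmPub)}
	km.Sig = ed25519.Sign(oemPriv, km.BPMKeyHash[:])
	bpm := BootPolicyManifest{IBBDigest: sha256.Sum256(ibb)}
	bpm.Sig = ed25519.Sign(bpmPriv, bpm.IBBDigest[:])
	img = FlashImage{OEMPub: oemPub, KM: km, BPMPub: bpmPub, BPM: bpm, IBB: ibb}
	return sha256.Sum256(oemPub), img, nil
}

// VerifyChain checks each link in order and stops at the first failure, so a
// later object is never trusted on the strength of an unverified key.
func VerifyChain(fused [32]byte, img FlashImage) error {
	if sha256.Sum256(img.OEMPub) != fused {
		return errors.New("OEM key hash does not match fused value")
	}
	if !ed25519.Verify(img.OEMPub, img.KM.BPMKeyHash[:], img.KM.Sig) {
		return errors.New("key manifest signature invalid")
	}
	if sha256.Sum256(img.BPMPub) != img.KM.BPMKeyHash {
		return errors.New("BPM key not authorized by key manifest")
	}
	if !ed25519.Verify(img.BPMPub, img.BPM.IBBDigest[:], img.BPM.Sig) {
		return errors.New("boot policy manifest signature invalid")
	}
	if sha256.Sum256(img.IBB) != img.BPM.IBBDigest {
		return errors.New("IBB digest does not match boot policy manifest")
	}
	return nil
}

// pcrExtend models a TPM PCR extend: new = SHA-256(old || digest).
func pcrExtend(old, digest [32]byte) [32]byte {
	return sha256.Sum256(append(old[:], digest[:]...))
}

// Boot applies a profile: Enforce decides whether an unverified IBB runs,
// Measure decides whether PCR0 records what actually ran.
func Boot(prof Profile, fused [32]byte, img FlashImage) Outcome {
	out := Outcome{Err: VerifyChain(fused, img)}
	if out.Err != nil && prof.Enforce {
		return out // platform halts: nothing executes, nothing is measured
	}
	if prof.Measure {
		out.PCR0 = pcrExtend(out.PCR0, sha256.Sum256(img.IBB))
	}
	out.Booted = true
	return out
}
```

Two failure modes are worth running. Altering the IBB in flash without touching the manifests fails at the last check (digest mismatch against the BPM); re-signing a complete chain with attacker-owned keys is internally consistent yet fails at the first check, because the OEM key hash lives in fuses, not in flash. Under a measured-only profile the tampered IBB still executes, but PCR0 no longer matches the known-good value, which is the attestation-based detection a non-enforcing profile relies on; under an enforcing profile nothing executes and nothing is measured.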

Formally, all three combinations of the constituent technologies remain supported, at OEM choice:

  • BtG only enabled.

  • Intel® TXT only enabled.

  • Both BtG and Intel® TXT enabled.