Firmware Interface Table

BIOS Specification

Download as PDF
ID 599500
Date 04/14/2023
Intel Confidential

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents
Document Table of Contents
Legal Firmware Interface Table Introduction Summary of Key Requirements: FIT Pointer Firmware Interface Table
Legal
Firmware Interface Table Introduction
Summary of Key Requirements:
FIT Pointer
FIT Pointer FIT Pointer Rules
FIT Pointer Rules
Firmware Interface Table
Firmware Interface Table FIT Ordering Rules FIT Header (Type 0) Rules Microcode Update (Type 1) Rules Startup ACM (Type 2) Rules Diagnostic ACM (Type 3) Rules BIOS Startup Module (Type 7) Rules TPM Policy Record (Type 8) Rules BIOS Policy Data Record (Type 9) Rules Intel® TXT Policy Data Record (Type 0x0A) Rules Key Manifest Record (Type 0x0B) Rules Boot Policy Manifest (Type 0x0C) Rules Intel® CSE Secure Boot (Type 0x10) Rules Feature Policy Record (Type 0x2D) Rules
FIT Ordering Rules
FIT Header (Type 0) Rules
Microcode Update (Type 1) Rules
Startup ACM (Type 2) Rules
Diagnostic ACM (Type 3) Rules
BIOS Startup Module (Type 7) Rules
TPM Policy Record (Type 8) Rules
BIOS Policy Data Record (Type 9) Rules
Intel® TXT Policy Data Record (Type 0x0A) Rules
Key Manifest Record (Type 0x0B) Rules
Boot Policy Manifest (Type 0x0C) Rules
Intel® CSE Secure Boot (Type 0x10) Rules
Feature Policy Record (Type 0x2D) Rules
Legal
Firmware Interface Table Introduction
Summary of Key Requirements:
FIT Pointer
Firmware Interface Table

BIOS Policy Data Record (Type 9) Rules

Record Types 9 is used by legacy Intel® TXT FIT boot only and is not needed, if latter is not used. The BIOS policy is stored in the TPM.

  1. There can be zero or one type 9 Record in FIT. A Type 9 entry contains the BIOS policy data. If the platform uses Hash Comparison method and employs fail-safe bootblock, one Type 9 entry is needed, and it contains the fail-safe hash. If the platform uses Signature verification method, one Type 9 entry is needed. In this case, Type 9 entry contains the OEM key, hash of the BIOS and signature over the hash using OEM key. In all other cases, Type 9 entry is not required and should not be implemented.
  2. Type 9 entry must point to an address that is accessible by the processor at reset vector. The memory address should be within the low 4 GB of address space.
  3. The address must point to the LCP_​POLICY_​DATA structure.
  4. The Version field of Type 9 entry should be set to 0x0100.
  5. The C_​V bit in this entry should be clear.
  6. The Checksum field is set to 0.
  7. LCP_​POLICY_​DATA is a variable length data structure. The size field in a Type 9 entry specifies the size of LCP_​POLICY_​DATA data structure. Elements of LCP_​POLICY_​DATA data structure contains enough information to compute the length of LCP_​POLICY_​DATA data structure. The length of LCP_​POLICY_​DATA computed using a Type 9 entry must match the length computed using fields within LCP_​POLICY_​DATA
Intel® TXT Policy Data Record (Type 0x0A) Rules