Intel® Converged Boot Guard and TXT

Intel^® Converged Boot Guard and Intel^® TXT (Intel^® CBnT) is an unification of Intel^® Trusted Execution Technology (Intel^® TXT) and Intel^® Platform Protection Technology with Intel^® Boot Guard. Intel^® CBnT merges elements of Intel^® TXT and Intel^® Boot Guard to enhance platform boot security, while also simplifying the implementation. Although Intel^® CBnT implements some architectural changes, it is not fundamentally a new technology, but rather a fusion of existing Intel^® Boot Guard and Intel^® TXT technologies.

Intel^® CBnT has been designed to allow greater commonality between implementations for client platforms and server platforms. Previously, the architectural implementation of Intel^® TXT was somewhat different between client and server platforms, which necessitated some differences in BIOS implementation depending on the platform. With Intel^® CBnT, Intel has largely combined features across client and server providing greater alignment in design of the BIOS and ACMs.

Intel^® Converged Boot Guard and Intel^® TXT provides both a static root of trust for verifying the BIOS initial boot block and measuring the boot path, as well as a dynamic root of trust for measuring the OS or VMM.

The purpose of Intel^® Boot Guard is to verify that the initial BIOS startup code is good, i.e., BIOS has not been maliciously nor inadvertently modified. Several different Boot Profiles are supported, which primarily differ in:

• Enforcement Policy: what actions are taken if BIOS cannot be verified.

• Measurement Policy: whether BIOS startup code is measured into the TPM for attestation.

The primary objective of Intel^® TXT is to provide a dynamic root of trust for measuring the OS or VMM enabling platform boot into a secure measured launch environment (MLE). Intel^® TXT relies on the static root of trust provided by Intel^® Boot Guard to ensure validity of the MLE Trusted Compute Base (TCB), which is the BIOS code that is trusted to configure the platform. Intel^® TXT provides the ability to allow only a known good OS/VMM to launch into a trusted environment via a Launch Control Policy (LCP). And once an OS/VMM is in a trusted environment, Intel^® TXT protects memory secrets against surprise reset attacks.

With the modifications made to the Intel^® TXT architecture in Intel^® CBnT, it is now required that some of the verifications performed by Intel^® Boot Guard be implemented for Intel^® TXT support. Verifications of pre-boot objects such as FIT, key and policy manifests, and of Startup BIOS.

Still formally all four combinations of constituent technologies are supported at OEM choice:

• Intel^® Boot Guard only enabled.

• Intel^® TXT only enabled.

• Both Intel^® Boot Guard and Intel^® TXT enabled.