Firmware Interface Table
BIOS Specification
BIOS Policy Data Record (Type 9) Rules
Record Types 9 is used by legacy Intel® TXT FIT boot only and is not needed, if latter is not used. The BIOS policy is stored in the TPM.
- There can be zero or one type 9 Record in FIT. A Type 9 entry contains the BIOS policy data. If the platform uses Hash Comparison method and employs fail-safe bootblock, one Type 9 entry is needed, and it contains the fail-safe hash. If the platform uses Signature verification method, one Type 9 entry is needed. In this case, Type 9 entry contains the OEM key, hash of the BIOS and signature over the hash using OEM key. In all other cases, Type 9 entry is not required and should not be implemented.
- Type 9 entry must point to an address that is accessible by the processor at reset vector. The memory address should be within the low 4 GB of address space.
- The address must point to the LCP_POLICY_DATA structure.
- The Version field of Type 9 entry should be set to 0x0100.
- The C_V bit in this entry should be clear.
- The Checksum field is set to 0.
- LCP_POLICY_DATA is a variable length data structure. The size field in a Type 9 entry specifies the size of LCP_POLICY_DATA data structure. Elements of LCP_POLICY_DATA data structure contains enough information to compute the length of LCP_POLICY_DATA data structure. The length of LCP_POLICY_DATA computed using a Type 9 entry must match the length computed using fields within LCP_POLICY_DATA