Intel® System Debugger User Guide
Debug Token usage in UI
Provisioning a target requires a functional connection. First setup Intel® System Debugger and connect to your platform using Intel® Silicon View Technology (Intel® SVT), DbC USB Debug Cable or Intel® DCI OOB via Intel® SVT Closed Chassis Adapter (CCA).
Before starting, check if your Target State shows ‘Available’ in the ‘Connection’ view. The ‘Unlock’ shows the current unlock state:
To interact with the Intel® CSME firmware and generate and manage the applied token, open the Connection Editor
ensure all required CLI options are enabled (checked):
If this is not the case, you need to disconnect, check the checkboxes, save the configuration and connect again.
and scroll down to the ‘Target Information’ box:
There you can:
Refresh
To load the current unlock state and token consent from the target.
Erase Token
To erase a currently applied token from a target.
Warning: Erasing the token will have impact on the ability to debug your target and cannot be reverted except by injecting a valid token again.
Create Token
To create a new token.
Inject Token
To update the token on the target.
Warning: Injecting a wrong token will have impact on the ability to debug your target and cannot be reverted except by injecting a valid token again.
Create Token
Click on Create Token to open the token generation dialog
Select the Type
The token type controls with configuration options and levels of debug supports are available. The token type must match how the token is signed, and an Intel token must be signed by Intel while the regular OEM token must be signed by the OEM.
Configure Flags
If required, use flags to configure the acceptance behavior of a token. No configured flags mean the best safety for the token. See Flags.
Configure Expiration Time
Select the expiration time in seconds. The expiration time is bound to a Part ID and begins the moment the Part ID is generated.. See Expiration.
Configure Part ID(s)
Provide your target’s part ID. Click the ‘Load from Target’ button to load the Part ID from the currently connected hardware. Or use a Part ID received previously. To use multiple part IDs, enter them in the Part ID field separating them using a semicolon. See Part ID (a.k.a. Part Data or PID) for information on the format.
Note: Requesting a new part ID might invalidate a currently applied token. If the current token has not been created with the ‘No anti-replay’ flag enabled it will be rejected on the next boot after the new Part ID has been generated.
Configure Debug Support
System Debug Support, applies the knob configuration required to do system debugging, this includes to configure OEM Unlock or Intel Unlock (based on type) and to enable Run Control.
System Trace Support, applies the knob configuration required to do system tracing, this includes to configure OEM Unlock or Intel Unlock (based on type) and to enable Run Control and enable CSE Trace messages.
Based on token type and platform, the knob configuration applied through a switch differs. To ensure the right knobs are configured, manually review the ‘Extended Knob Configuration’.
Sign Token
Select your private key authorized by the firmware to sign the token
Check the Signing and Manifesting User Guide and the Tokens Guide for more information about: how to generate an own private key and include it into the firmware. These documents are available in the Intel® CSME firmware kit.
Inject Token
Click on Inject Token
Accept the disclaimer.
Select the token to be injected.