Intel® Trusted Execution Technology (Intel® TXT): Software Development Guide
Page Count: 167
- Intel® Trusted Execution Technology (Intel® TXT) - Software Development Guide
- Contents
- Revision History
- 1 Overview
  - 1.1 Measurement and Intel® Trusted Execution Technology (Intel® TXT)
  - 1.2 Dynamic Root of Trust
  - 1.3 Storing Measurement
  - 1.4 Controlled Take-down
  - 1.5 SMX and VMX Interaction
  - 1.6 Authenticated Code Module
  - 1.7 Chipset Support
  - 1.8 TPM Usage
  - 1.9 Hash Algorithm Support
  - 1.10 PCR Usage
  - 1.11 DMA Protection
  - 1.12 Intel® TXT Shutdown
- 2 Measured Launched Environment (MLE)
  - 2.1 MLE Architecture Overview
  - 2.2 MLE Launch
  - 2.3 MLE Initialization
  - 2.4 MLE Operation
    - 2.4.1 Address Space Correctness
    - 2.4.2 Address Space Integrity
    - 2.4.3 Physical RAM Regions
    - 2.4.4 Intel® Trusted Execution Technology Chipset Regions
    - 2.4.5 Device Assignment
    - 2.4.6 Protecting Secrets
    - 2.4.7 Model Specific Register Handling
    - 2.4.8 Interrupts and Exceptions
    - 2.4.9 ACPI Power Management Support
    - 2.4.10 Processor Capacity Addition (aka CPU Hotplug)
  - 2.5 MLE Teardown
  - 2.6 Other Considerations
- 3 Verifying Measured Launched Environments
  - 3.1 Overview
  - 3.2 LCP Components, V2 (TPM 1.2)
    - 3.2.1 LCP Policy
    - 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
    - 3.2.3 PolicyHash Field for LCP_POLTYPE_LIST
    - 3.2.4 LCP Policy Data
    - 3.2.5 LCP Policy Element
    - 3.2.6 Signed Policies
    - 3.2.7 Supported Cryptographic Algorithms
    - 3.2.8 Policy Engine Logic
    - 3.2.9 Allow Any Policy
    - 3.2.10 Policy with LCP_POLICY_DATA
    - 3.2.11 Force Platform Owner Policy
    - 3.2.12 Platform Owner Index
  - 3.3 LCP Components, V3 (TPM 2.0)
  - 3.4 Combined Policy Engine Processing Logic
  - 3.5 Revocation
- 4 Development and Deployment Considerations
- Appendix A Intel® Trusted Execution Technology Authenticated Code Modules
- Appendix B SMX Interaction with Platform
  - B.1 Intel® Trusted Execution Technology Configuration Registers
    - B.1.1 TXT.STS – Status
    - B.1.2 TXT.ESTS – Error Status
    - B.1.3 TXT.ERRORCODE – Error Code
    - B.1.4 TXT.CMD.RESET – System Reset Command
    - B.1.5 TXT.CMD.CLOSE-PRIVATE – Close Private Space Command
    - B.1.6 TXT.VER.FSBIF – Front Side Bus Interface
    - B.1.7 TXT.DIDVID – TXT Device ID
    - B.1.8 TXT.VER.QPIIF – Intel® QuickPath Interconnect Interface
    - B.1.9 TXT.CMD.UNLOCK-MEM-CONFIG – Unlock Memory Config Command
    - B.1.10 TXT.SINIT.BASE – SINIT Base Address
    - B.1.11 TXT.SINIT.SIZE – SINIT Size
    - B.1.12 TXT.MLE.JOIN – MLE Join Base Address
    - B.1.13 TXT.HEAP.BASE – TXT Heap Base Address
    - B.1.14 TXT.HEAP.SIZE – TXT Heap Size
    - B.1.15 TXT.DPR – DMA Protected Range
    - B.1.16 TXT.CMD.OPEN.LOCALITY1 – Open Locality 1 Command
    - B.1.17 TXT.CMD.CLOSE.LOCALITY1 – Close Locality 1 Command
    - B.1.18 TXT.CMD.OPEN.LOCALITY2 – Open Locality 2 Command
    - B.1.19 TXT.CMD.CLOSE.LOCALITY2 – Close Locality 2 Command
    - B.1.20 TXT.PUBLIC.KEY – AC Module Public Key Hash
    - B.1.21 TXT.CMD.SECRETS – Set Secrets Command
    - B.1.22 TXT.CMD.NO-SECRETS – Clear Secrets Command
    - B.1.23 TXT.E2STS – Extended Error Status
  - B.2 TPM Platform Configuration Registers
  - B.3 Intel® Trusted Execution Technology Device Space
- Appendix C Intel® TXT Heap Memory
- Appendix D LCP v2 Data Structures
- Appendix E LCP Data Structures, v3
- Appendix F Platform State upon SINIT Exit and Return to MLE
- Appendix G TPM Event Log
- Appendix H ACM Hash Algorithm Support
- Appendix I ACM Error Codes
- Appendix J TPM NV
- Appendix K Detailed LCP Checklists