Device Firmware Boot

If device firmware is not in TCB, it must be verified by the system firmware or device firmware in TCB.
During system boot, host firmware may choose to verify some device firmware components. For device firmware stored in the device’s internal storage, verification may happen based upon device policy. For device firmware images in external storage loaded at runtime, verification is mandatory. Device firmware verification may follow the same rules as the system firmware verification. Device firmware is only loaded after it is verified.
Table 4-1: Device Firmware Boot Verification
Item
Entity
Provider
Location
TP
Device Firmware Verification
OEM or IHV
Flash (Read Only Code), Device ROM.
CDI
System Firmware or Device firmware TCB
OEM or IHV
Flash (Read Only Code), ROM
​
Device Firmware Signature Database (Policy)
OEM or IHV
Flash (Read Only Data), ROM
UDI
Device Firmware
IHV
Device Internal Storage (or)
External Storage (e.g. Hard drive, USB, Memory, or Read-Write Flash)

Platform Firmware Resiliency

Device Firmware Update

Last modified 2yr ago

Item	Entity	Provider	Location
TP	Device Firmware Verification	OEM or IHV	Flash (Read Only Code), Device ROM.
CDI	System Firmware or Device firmware TCB	OEM or IHV	Flash (Read Only Code), ROM
	Device Firmware Signature Database (Policy)	OEM or IHV	Flash (Read Only Data), ROM
UDI	Device Firmware	IHV	Device Internal Storage (or) External Storage (e.g. Hard drive, USB, Memory, or Read-Write Flash)