Device Firmware Update
If the device firmware is updatable, the update must be verified.
The verifier is determined by the entity with write access to the device firmware location. The entity performing verification must be the same entity performing the update.
For example, if the device firmware is in the device internal location, which is not accessible by the host firmware, such as TPM, then the device must do the verification and update. If the device firmware is in the device internal location, but it is accessible by the host firmware, such as EC, then the host firmware may do the verification and update. If device firmware is on the external storage and loaded by system firmware, then the system firmware must do the verification and update.
Table 4-2: Device Firmware Update Verification
Item
Entity
Provider
Location
TP
Firmware Update Verification
OEM or IHV
Depends
CDI
Firmware Update TCB Code
OEM or IHV
Depends
Firmware Update Signature Database (Policy)
OEM or IHV
Depends
UDI
Device Firmware Update Package
IHV
Originally on external storage (e.g. Hard drive, USB, Memory, or Read-Write Flash), loaded into device firmware unlockable environment.
Last modified 1yr ago
Copy link