To reduce firmware-related security risks, Intel developed Intel Platform Firmware Resilience (Intel PFR) for server platforms. This feature protects critical platform firmware (for example, the BIOS and BMC images held in SPI flash) against attacks at boot time and at runtime: a hardware root of trust verifies the firmware before the platform is released from reset, detects unauthorized changes, and recovers a known-good image when corruption is found. It can be regarded as an implementation of the protect, detect, and recover principles of NIST SP 800-193 (Platform Firmware Resiliency Guidelines), in the same spirit as Microsoft's Project Cerberus.
Intel PFR also enables a protect-in-transit feature: a customer can lock a system before shipment and unlock it on receipt, so that any firmware change made while the system was in transit is detected. A related capability is Intel Transparent Supply Chain, which uses a platform certificate to create transparency in the supply chain and prevent counterfeit components from being used.
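The following Python is an added illustration, not Intel PFR code (the real PFR manifest format, signature scheme, and CPLD-based root of trust are not described on this page). It models the NIST SP 800-193 protect/detect/recover cycle that a root of trust runs before releasing the platform from reset, and reuses the same authenticated measurement for a protect-in-transit lock/unlock check. Assumptions: an HMAC-SHA256 tag stands in for the signature a real root of trust would verify, `ROT_KEY` stands in for a key provisioned into the root of trust, and plain dictionaries stand in for the active and recovery copies of the flash regions. All sample images are constructed.

```python
"""Model of firmware protect/detect/recover plus protect-in-transit.
Added example, not Intel PFR code. HMAC is a stand-in for a signature
(assumption); dicts are a stand-in for SPI flash regions (assumption)."""
from __future__ import annotations
import hashlib
import hmac

# Assumed: a key provisioned into the root of trust at manufacturing time.
ROT_KEY = b"root-of-trust-provisioned-key"


def region_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _manifest_body(digests: dict) -> bytes:
    return "".join(f"{n}:{d};" for n, d in sorted(digests.items())).encode()


def build_manifest(regions: dict, key: bytes) -> dict:
    """Protect: record the expected digest of every protected region and
    authenticate the list (HMAC here; a signature in a real root of trust)."""
    digests = {name: region_digest(data).hex() for name, data in regions.items()}
    return {"digests": digests, "auth": hmac.new(key, _manifest_body(digests), hashlib.sha256).hexdigest()}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    expected = hmac.new(key, _manifest_body(manifest["digests"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["auth"])


def verify_regions(regions: dict, manifest: dict) -> list:
    """Detect: names of regions whose content no longer matches the manifest,
    in sorted region-name order. A missing region counts as corrupt."""
    bad = []
    for name, expected_hex in sorted(manifest["digests"].items()):
        actual = region_digest(regions.get(name, b"")).hex()
        if not hmac.compare_digest(actual, expected_hex):
            bad.append(name)
    return bad


def boot_with_recovery(active: dict, recovery: dict, manifest: dict, key: bytes) -> tuple:
    """Protect/detect/recover at reset: release the platform only with verified
    firmware, restoring corrupt active regions from the recovery copy.
    Returns (released, action). The active dict is updated in place on recovery."""
    if not manifest_is_authentic(manifest, key):
        return (False, "manifest rejected")          # untrusted manifest: hold in reset
    bad = verify_regions(active, manifest)
    if not bad:
        return (True, "active image verified")
    if verify_regions(recovery, manifest):           # recovery copy must verify too
        return (False, "active and recovery both corrupt")
    for name in bad:
        active[name] = recovery[name]                # recover from the golden copy
    return (True, "recovered " + ",".join(bad) + " from recovery image")


def lock_for_transit(regions: dict, key: bytes) -> dict:
    """Lock before shipment: an authenticated measurement of every region."""
    return build_manifest(regions, key)


def unlock_on_receipt(regions: dict, lock_record: dict, key: bytes) -> tuple:
    """Unlock on receipt: succeed only if the lock record is authentic and no
    region changed in transit. Returns (ok, changed_regions)."""
    if not manifest_is_authentic(lock_record, key):
        return (False, ["lock record"])
    changed = verify_regions(regions, lock_record)
    return (not changed, changed)


if __name__ == "__main__":
    # Constructed sample images; a real platform would hash the flash regions.
    active = {"bios": b"BIOS v1.0 image bytes", "bmc": b"BMC v2.3 image bytes"}
    recovery = dict(active)
    manifest = build_manifest(active, ROT_KEY)
    print(boot_with_recovery(dict(active), dict(recovery), manifest, ROT_KEY))
    tampered = dict(active, bios=b"implanted BIOS")
    print(boot_with_recovery(tampered, dict(recovery), manifest, ROT_KEY))
    record = lock_for_transit(active, ROT_KEY)
    print(unlock_on_receipt(dict(active, bios=b"implanted BIOS"), record, ROT_KEY))
```

Two properties of the model carry over to a real deployment: the recovery image is verified against the manifest before it is trusted (a corrupt golden copy must not be "recovered" into the active region), and an unauthentic manifest or lock record causes the root of trust to hold the platform in reset or refuse the unlock rather than fall back to whatever is in flash.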
Figure 4-7 shows the Intel PFR system diagram. Figure 4-8 shows the Intel PFR boot flow. Figure 4-9 shows the Intel PFR reset sequence.