Platform Firmware Resiliency

In modern platforms, system firmware is only one of multiple firmware images. Most system components rely on some form of device firmware. The scope of PFR covers both system firmware and device firmware images, so the trust chain is maintained for all boot firmware components. See Figure 4-1 for an overview diagram.

Figure 4-1: Component and Trust Chain, from NIST SP800-193

Device firmware may exist in a device-specific region that is managed by the device. In some cases, device firmware may reside in the same location as the system firmware, such as Serial Peripheral Interface (SPI) attached to flash, and the system firmware is responsible for loading the device firmware into a device firmware region.
Most device firmware initializes the hardware so it is functional at runtime. Examples include:
  • Network Interface Card (NIC)
  • Solid State Drive (SSD)
  • Universal Serial Bus (USB)
  • Battery management
Some device firmware is involved in the system boot process and may play an important role in system firmware verification. Examples include:
  • Embedded Controller (EC) firmware
  • Baseboard Management Controller (BMC) firmware
  • Intel® Converged Security and Management Engine (Intel® CSME)
  • Glue logic in a Field Programmable Gate Array (FPGA) or Complex Programmable Logic Device (CPLD)
There are multiple existing standards describing device authentication, including:
Figure 4-2 shows a high-level view of an authentication protocol.

Figure 4-2: High-level View of PCIe® Component Authentication (source: PCIe® Component Authentication)