I have a question about the Sandy Bridge SINIT module
(2nd_gen_i5_i7_SINIT_51.BIN).
The developers kit has a set of programs for defining the default policy
(NVRAM index 0x50000001) and aux2 (NVRAM index 0x50000003).
All of the Sandy Bridge Machines that we currently have, have aux
predefined (0x50000002), and tboot and the SINIT module appear to work
fine.
We are currently in the position of having to define the Platform
Supplier indices before locking down the NVRAM.
The questions are:
Does it matter that AUX2 is not defined?
Is it a problem to define both the AUX and AUX2 indexes?
Given that there is nothing that is every written to AUX or AUX 2 by any
of tboot programs, I am assuming that they are used by the SINIT module
for internal scratch space.
Given that the SINIT module will not function with the NVRAM unlocked,
and that locking the NVRAM is a one way street, we would like to be
certain that we have the PS indices defined correctly before taking
that step.
Thanks for any help that you have available.
Charles
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
