Method to ensure platform silicon configuration integrity

摘要

Some aspects include beginning a power on self test (POST) by a BIOS for a computer system; enumerating the computer system by the BIOS; providing, based on the enumeration of the computer system by the BIOS, at least one configuration setting of the computer system to a management engine (ME) of the computer system; and applying a lock to the at least one configuration setting by the ME to manage a change to the at least one configuration setting, all prior to an ending of the POST.

主权项

1. A method comprising:
beginning a power on self-test (POST) by a Basic Input/Output System (BIOS) for a computer system; enabling all clock outputs of a computer system by a management engine (ME) of the computer system, the ME being a microcontroller distinct from the BIOS comprising an architectural component of a platform of the computer system; enumerating the computer system by the BIOS to ascertain all devices present in the computer system; providing, based on the enumeration of the computer system by the BIOS, at least one configuration setting of the computer system to the ME of the computer system; applying a lock, in accordance with the at least one configuration setting, by the ME to manage a change to the at least one configuration setting to disable at least one of the devices present in the computer system in response to the BIOS being not fully locked down to the computer system in accordance with the at least one configuration setting, all prior to an ending of the POST; and generating a unique key by the ME, wherein a bus command to access the at least one configuration setting includes the key.