Intel Boot Guard System
template/bootguard (platform)
| Property | Description |
|---|---|
| Manufacturer | Intel |
| Model | Boot Guard System |
| Year | Undefined |
| Max CPU | Undefined |
| Max RAM | Undefined |
| Image | Undefined |
| Software: User-Facing Environment | Undefined |
| Software: Operating System | Undefined |
| Software: Bootloader/Recovery | Undefined |
| Firmware: Persistent Privileged Code (e.g. x86 SMM) | Proprietary |
| Firmware: Late Boot/Payload | Proprietary (Vendor UEFI) |
| Firmware: Platform Initialization | Proprietary (Vendor UEFI) |
| Firmware: Memory Initialization | Proprietary (Intel MRC/FSP) |
| Firmware: Early Boot (incl. RoT) | Proprietary (Vendor UEFI) |
| Firmware: Boot ROM | Proprietary (Boot Guard ACM) The Boot Guard ACM is technically a part of your firmware image. However, when using
Boot Guard, the ACM (which is loaded from flash and verified by the ME before the CPU comes out of reset) is the first code to execute on the CPU, rather than
the instruction at the reset vector in flash. While it is not stored in mask ROM, due to it being the first code to execute, and due to being supplied by Intel,
rather than by your firmware author, it is comparable to the (mask) Boot ROMs found in many non-x86 CPUs. |
| Firmware Signing | Proprietary (Boot Guard) |
| CPU Microcode | Undefined |
| Management Coprocessor: Firmware | Proprietary On Boot Guard systems, firmware signing prevents modifying the ME firmware even if the ME
itself would otherwise permit removing modules. |
| Communications Coprocessor: Internal Firmware | Undefined |
| Communications Coprocessor: Host-Loaded Firmware | Undefined |
| Security Coprocessor: Firmware | Undefined |
| Embedded Controller: Firmware | Undefined |
| Hardware: Board Electrical Schematic | Undefined |
| Hardware: Board PCB Design | Undefined |
| Hardware: CPU Instruction Set | Undefined |
| Hardware: CPU/SoC Implementation | Undefined |
| Hardware: CPU/SoC Synthesis Toolchain | Undefined |
Back to Table