Activating BootGuard via research

Hi,
I’m researching boot process for my MSc thesis in University.
I have a PC with 8th gen CPU (H310 chipset) and the UEFI image has in its FIT table two entries for KEYM and IBBM manifest but it points to empty structures. I created KEYM and IBBM and integrated instead of empty structures via UefiTool. I also fixed the FIT table so the KEYM/IBBM entries now have size of the added manifest.
In KEYM manifest- i took some other KEYM example from 8th gen CPU and changed the hash to Sha256(without exponent) of IBBM pubkey. After it added RSA_ENTRY with pubkey and signature. Signed the first 0x30 bytes.
In IBBM manifest- also took IBBM example and changed IBB descriptors Sha256 to good one and added RSA_ENTRY with pubkey and signature. Signed till PMSG location.
In Intel FIT.exe - i put hash of KEYM pubkey(with exponent) , manifest ID=0x1 and choose Bootguard Policy 5. Burn the image to flash.
I’m not doing close manufacture.
Unfortunately, the PC not boots. If i change to BG Policy to 3(verify but if fail continue) it also doesn’t boot (some strange BEEP sound happen). If i change BG Policy to 1 so it boots OK.
Did i make something wrong ? Any tip that can help me understand why BG not work ?

Thanks so much for any help !

I’m not really knowledgeable on BG aside from the presentations from Alexander Ermolov and Alex Matrosov but have you checked that you can actually adjust BG settings? Meaning, are the FPF unfused? Check with MEInfo -verbose.

Hi
Yes FPFs are not set. Can someone share a link for BIOS dump with Bootguard enabled for 8th or 9th generation CPU ?

@hypercall - what chipsets would that be, I’ll see if I have a dump with bootguard enabled for you

Thanks! It is usually Q370 or equivalent PCH 300…

This system has it enabled, but I do not have full dump - Asus UX533FD
It’s enabled in Dell Optiplex 7070 - Dump at #7 Upgrade Dell Optiplex 7070 ME from Standard to Intel Managed vPro
It’s also enabled in Asus UX481FL, if you need dump from this let me know what you need so I don’t have to send entire BIOS region (I compiled it, not direct chip dumped), but FD/ME is direct FPT dumped that I have
That’s all I have for now, have to run

* Edit - thanks, then Dell link above should get what you need, it’s Intel® Q370

Thanks ! any chance to get full dump of Asus UX533FD or to get MeInfo results on such PC ?

EDIT: delete this post ,wrong info .

Would be really nice to hear opinion of an expert how hap bit may affect all Intel “security features”… PTT probably won’t work, how to deal with ManufacturingMode closing, what happens with BG and Secure Boot after it is set