numbfx
August 9, 2020, 5:00am
1
Could someone please describe how to set up Boot Guard on a Manufacturing Mode enabled BIOS? [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
If you happen to have the OEM’s Private RSA Key (unlikely unless you’re the OEM), you can input it at "SMIP Signing Key" field. Then go to "Build > Build Settings", input the Manifest Extension Utility (MEU) executable location at "Intel(R) Manifest Extension Utility Path" field, input Win32 OpenSSL Lite executable location at "Signing Tool Path" field, make sure that "OpenSSL" is selected at "Signing Tool" field, make sure that "Verify manifest signing keys against the OEM Key Manifest" is set to "Yes", leave all other settings intact and click Close. Now proceed to the next step of the guide.
Who Watch BIOS Watchers?
Modify UEFI firmware update image or Disable Intel Boot Guard
http://support.prosys.ro/Theon/Theon_470…Rev%201%201.pdf
This document gives an overview of the process of manifesting and signing OEM components that then will be included in the IFWI image for Apollo Lake platforms.OEMs are always required to add manifests to components in the IFWI images. However, they are not required to sign components, or add an OEM Key Manifest, unless they wish to •enable Secure Boot