Hi, For Intel TXT client platform there is no SINIT ACM embedded in BIOS, user has to install client platform specific SINIT ACM to make tboot work on the platform. For Intel TXT server platform, there always has a SINIT ACM in BIOS by default, but user have the chance to install a newer version of server specific SINIT ACM on your platform storage, like hard drive, tboot will check and use the newer version SINIT ACM among those loaded from hard drive and BIOS.
On the same page of TXT dev. Guide, there is also a line says “BIOSes that support this element type should report all ACMs that they carry; both BIOS ACMs and SINIT ACMs.” BIOS ACM here refers to another kind of ACM from Intel, which is transparent to end user. -Ning From: Daniel Mueller [mailto:danielmul...@vmware.com] Sent: Tuesday, September 20, 2016 9:38 AM To: tboot-devel@lists.sourceforge.net Subject: [tboot-devel] user-provided AC modules Hi, Looking at the tboot source code it seems to support finding and installing a user-provided AC module. Is this feature actually used with recent systems or do all systems ship with an ACM installed? I found the following line in the TXT development guide<http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html>: Since the TXT architecture requires that BIOS provide at least one BIOS ACM, NumAcms must always be greater than 0. So it appears an ACM must be installed. Are there any known systems violating this constraint? Thanks, Daniel
------------------------------------------------------------------------------
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
