Traceable Firmware Bill of Materials Overview

Today, firmware attacks are on the rise. A platform may have different firmware coming from multiple vendors. It is important to know the original source of these firmware components. Trusted Computer Group (TCG) published a set of specifications on reference integrity manifest (RIM) information models and firmware integrity measurement (FIM) to enable compliance with NIST SP 800-155 BIOS Integrity Measurements. In this presentation, the speakers will introduce the work to measure firmware at the component level and later use that as evidence for a traceable firmware Bill of Materials (BOM) for verification. This webinar will introduce two examples. The first example is how we provide Intel firmware support package (FSP) component measurement to help trace the Intel Firmware Support Package (FSP) binary. The second example is how we use Secure Protocol and Data Model (SPDM) protocol to communicate and record the device firmware measurement to trace the device firmware.