
Intel TXT Platform Components

There are many components to Intel TXT:

CPU and chipset hardware: The chipset contains special Intel TXT registers, many of which are readable and/or writeable only by Authenticated Code Modules and CPU microcode.

CPU microcode: This is hardwired firmware inside the microprocessor for executing groups of micro-operations that are combined to perform assembly language instructions as well as other internal CPU functions.

Intel Authenticated Code Modules (ACMs): ACMs can be created only by Intel and are digitally signed with a private key known only to Intel. The matching public key (held as a hash of the key) is hardwired into registers in the chipset, and only a module whose signature verifies against it is allowed to execute. ACMs are invoked by Intel microcode and function as extensions of microcode. For server Intel TXT, there are two ACMs, the BIOS ACM and the SINIT (measured launch initialization) ACM:

• The BIOS ACM contains several sub-functions (calls), two of which are:

• The Startup ACM[1] call is invoked by CPU microcode at power-on to start the SRTM (static root of trust for measurement). It typically measures the BIOS boot block or, in UEFI terms, the SEC and PEI phases of the BIOS.

• The Lock Config call is made by the BIOS just before it exits the part of the BIOS measured by the Startup ACM. It performs some bookkeeping and locks certain registers so that hostile software or firmware cannot change critical hardware settings afterwards.

• The SINIT ACM contains only one call, invoked by the OS or by applications running under the OS to perform a measured launch (DRTM, dynamic root of trust for measurement). Both ACMs always run in a special internal CPU memory that blocks DMA access to it and any snooping of the ACM code and data.

• GETSEC: This is the special Intel TXT (Safer Mode Extensions) assembly language instruction. Which sub-function (leaf[3]) it invokes is selected by the value in EAX; the leaves invoke microcode flows used to enter, launch, and exit ACMs and to exit the measured launch environment (MLE).[2] This is how the BIOS ACM's Lock Config call and the SINIT ACM's call are invoked.
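As an added illustration of the GETSEC item above (example code written for this edition, not code from the book or from Intel), the following C program shows how a leaf is selected by the value in EAX, decodes the capability bitmap that GETSEC[CAPABILITIES] returns, and checks the BIOS-controlled enables in IA32_FEATURE_CONTROL that must be in place before GETSEC[SENTER] can start a measured launch. The leaf numbers, the bitmap layout and the MSR bit positions are taken from the Intel SDM's Safer Mode Extensions chapter and are assumptions relative to this page; the register values fed to the decoders are constructed, because GETSEC executes only at CPL 0 with CR4.SMXE set and cannot be issued from an ordinary user program. Only the CPUID check touches real hardware.

```c
/* Added example, not from the book: GETSEC leaf selection, the CAPABILITIES
 * bitmap, and the IA32_FEATURE_CONTROL gates on GETSEC[SENTER].
 * Assumed from the Intel SDM (Safer Mode Extensions chapter), not from this page:
 *  - CPUID.(EAX=1):ECX bit 6 = SMX (GETSEC) supported;
 *  - the leaf is chosen by EAX: 0 CAPABILITIES, 2 ENTERACCS, 3 EXITAC, 4 SENTER,
 *    5 SEXIT, 6 PARAMETERS, 7 SMCTRL, 8 WAKEUP (1 and 9 upward are reserved);
 *  - GETSEC[CAPABILITIES] with EBX = 0 returns a bitmap in EAX, decoded below;
 *  - IA32_FEATURE_CONTROL (MSR 0x3A) carries the BIOS's lock bit and SENTER enables.
 * The register values decoded in main() are constructed, not read from hardware. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum getsec_leaf {
    GETSEC_CAPABILITIES = 0, GETSEC_ENTERACCS = 2, GETSEC_EXITAC = 3, GETSEC_SENTER = 4,
    GETSEC_SEXIT = 5, GETSEC_PARAMETERS = 6, GETSEC_SMCTRL = 7, GETSEC_WAKEUP = 8
};

/* EAX bitmap returned by GETSEC[CAPABILITIES]; bit 1 and bits 30:9 are reserved. */
#define CAP_CHIPSET_PRESENT (1u << 0)
#define CAP_ENTERACCS       (1u << 2)
#define CAP_EXITAC          (1u << 3)
#define CAP_SENTER          (1u << 4)
#define CAP_SEXIT           (1u << 5)
#define CAP_PARAMETERS      (1u << 6)
#define CAP_SMCTRL          (1u << 7)
#define CAP_WAKEUP          (1u << 8)
#define CAP_EXTENDED_LEAFS  (1u << 31)

/* IA32_FEATURE_CONTROL bits relevant to a measured launch. */
#define FC_LOCK              (1ull << 0)
#define FC_VMX_IN_SMX        (1ull << 1)
#define FC_SENTER_LOCAL_MASK (0x7full << 8)  /* bits 14:8, one per SENTER-related function */
#define FC_SENTER_GLOBAL     (1ull << 15)

/* 1 if this CPU reports SMX (the GETSEC instruction) in CPUID, else 0. */
int cpu_has_smx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return 0;
    return (int)((c >> 6) & 1u);
#else
    return 0;
#endif
}

/* Name of the leaf that a given EAX value selects. */
const char *getsec_leaf_name(unsigned int eax)
{
    switch (eax) {
    case GETSEC_CAPABILITIES: return "CAPABILITIES";
    case GETSEC_ENTERACCS:    return "ENTERACCS";  /* runs a BIOS ACM function such as Lock Config */
    case GETSEC_EXITAC:       return "EXITAC";
    case GETSEC_SENTER:       return "SENTER";     /* runs the SINIT ACM: the measured launch */
    case GETSEC_SEXIT:        return "SEXIT";
    case GETSEC_PARAMETERS:   return "PARAMETERS";
    case GETSEC_SMCTRL:       return "SMCTRL";
    case GETSEC_WAKEUP:       return "WAKEUP";
    default:                  return "reserved";
    }
}

/* Leaves this example requires before attempting a measured launch and its teardown. */
int caps_allow_measured_launch(uint32_t caps)
{
    const uint32_t need = CAP_CHIPSET_PRESENT | CAP_SENTER | CAP_SEXIT | CAP_WAKEUP;
    return (caps & need) == need;
}

/* NULL if the BIOS left SENTER usable, otherwise the reason it is blocked. */
const char *feature_control_blocks_senter(uint64_t msr)
{
    if (!(msr & FC_LOCK))
        return "IA32_FEATURE_CONTROL is not locked; BIOS did not finish configuring it";
    if (!(msr & FC_SENTER_GLOBAL))
        return "SENTER global enable (bit 15) is clear";
    if ((msr & FC_SENTER_LOCAL_MASK) != FC_SENTER_LOCAL_MASK)
        return "one or more SENTER local enables (bits 14:8) are clear";
    return NULL;
}

int main(void)
{
    /* Constructed values: a chipset reporting every leaf, and two MSR images. */
    uint32_t caps = CAP_CHIPSET_PRESENT | CAP_ENTERACCS | CAP_EXITAC | CAP_SENTER |
                    CAP_SEXIT | CAP_PARAMETERS | CAP_SMCTRL | CAP_WAKEUP;
    uint64_t msr_ok = FC_LOCK | FC_VMX_IN_SMX | FC_SENTER_LOCAL_MASK | FC_SENTER_GLOBAL;
    uint64_t msr_bios_off = FC_LOCK;  /* locked, but TXT never enabled in setup */

    printf("CPUID reports SMX: %s\n", cpu_has_smx() ? "yes" : "no");
    printf("EAX=4 selects GETSEC[%s]\n", getsec_leaf_name(4));
    printf("capabilities 0x%08x allow measured launch: %s\n", caps,
           caps_allow_measured_launch(caps) ? "yes" : "no");
    for (int i = 0; i < 2; i++) {
        uint64_t m = i ? msr_bios_off : msr_ok;
        const char *why = feature_control_blocks_senter(m);
        printf("IA32_FEATURE_CONTROL=0x%04llx: %s\n", (unsigned long long)m,
               why ? why : "SENTER enabled");
    }
    return 0;
}
```

On a real system the MSR value comes from a privileged read (for instance /dev/cpu/0/msr on Linux) and the capability bitmap from GETSEC[CAPABILITIES] executed in ring 0; the decoders above are what a launcher runs on those values before it tries GETSEC[SENTER], and the lock-bit check matters because an unlocked MSR means the BIOS never finished its TXT setup, whatever the other bits say.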

BIOS enabling for Intel TXT: There is a table inside the BIOS, the firmware interface table (FIT), that tells the microcode and ACM whether Intel TXT is enabled, where the BIOS ACM is located, and which sections of BIOS to measure.
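As an added illustration of the FIT described above (example code written for this edition, not code from the book or from Intel), the following C program parses a firmware interface table out of a BIOS image and looks up the entries the text mentions: the Startup ACM location and the BIOS startup module region it is to measure. The table layout is taken from Intel's FIT BIOS specification and is an assumption relative to this page: a 32-bit FIT pointer at physical address 0xFFFFFFC0, 16-byte entries, a header entry whose address field spells "_FIT_   ", and an optional whole-table checksum. The image it parses is constructed in `build_sample()`; the parser itself runs unchanged over a real flash dump whose last byte maps to 0xFFFFFFFF.

```c
/* Added example, not from the book: a parser for the firmware interface table.
 * Layout assumed from Intel's FIT BIOS specification, not from this page:
 *  - 32-bit FIT pointer at physical 0xFFFFFFC0, i.e. offset len - 0x40 of an
 *    image whose last byte maps to 0xFFFFFFFF;
 *  - 16-byte entries: 8-byte address, 3-byte size, 1 reserved, 2-byte version,
 *    1 byte type (bit 7 = C_V, checksum valid), 1 checksum byte;
 *  - entry 0 is a header with address "_FIT_   " and size = entry count; when
 *    C_V is set, all table bytes sum to zero modulo 256;
 *  - type 0x02 = Startup ACM, type 0x07 = BIOS startup module (region to measure;
 *    its size is assumed to be in 16-byte units, as the header's is). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIT_SIGNATURE "_FIT_   "
#define FOUR_GIB 0x100000000ULL

enum fit_type { FIT_HEADER = 0x00, FIT_MICROCODE = 0x01, FIT_STARTUP_ACM = 0x02,
                FIT_BIOS_MODULE = 0x07, FIT_TPM_POLICY = 0x08, FIT_BIOS_POLICY = 0x09,
                FIT_TXT_POLICY = 0x0A };

struct fit_entry {
    uint64_t address;
    uint32_t size;      /* 24-bit field */
    uint16_t version;
    uint8_t  type;      /* low 7 bits of byte 14 */
    uint8_t  cv;        /* bit 7 of byte 14 */
    uint8_t  checksum;
};

static uint64_t rd_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

static void decode(const uint8_t *rec, struct fit_entry *e)
{
    e->address  = rd_le(rec, 8);
    e->size     = (uint32_t)rd_le(rec + 8, 3);
    e->version  = (uint16_t)rd_le(rec + 12, 2);
    e->type     = rec[14] & 0x7f;
    e->cv       = rec[14] >> 7;
    e->checksum = rec[15];
}

/* Parses the FIT of an image whose last byte is at 0xFFFFFFFF. Returns the entry
 * count, or -1 bad pointer, -2 bad header, -3 bad checksum, -4 out[] too small. */
int fit_parse(const uint8_t *img, size_t len, struct fit_entry *out, int max)
{
    if (len < 0x40 || len > FOUR_GIB) return -1;
    uint64_t base = FOUR_GIB - len;
    uint64_t ptr  = rd_le(img + len - 0x40, 4);
    if (ptr < base || ptr + 16 > FOUR_GIB) return -1;   /* pointer must land inside the image */
    const uint8_t *fit = img + (ptr - base);
    struct fit_entry hdr;
    decode(fit, &hdr);
    if (memcmp(fit, FIT_SIGNATURE, 8) != 0 || hdr.type != FIT_HEADER || hdr.size == 0) return -2;
    uint64_t bytes = (uint64_t)hdr.size * 16;
    if (ptr + bytes > FOUR_GIB) return -2;             /* whole table must fit inside the image */
    if (hdr.cv) {
        uint8_t sum = 0;
        for (uint64_t i = 0; i < bytes; i++) sum = (uint8_t)(sum + fit[i]);
        if (sum != 0) return -3;
    }
    if ((int)hdr.size > max) return -4;
    for (uint32_t i = 0; i < hdr.size; i++) decode(fit + 16 * i, &out[i]);
    return (int)hdr.size;
}

/* First entry of the given type, or NULL. */
const struct fit_entry *fit_find(const struct fit_entry *e, int n, uint8_t type)
{
    for (int i = 0; i < n; i++)
        if (e[i].type == type) return &e[i];
    return NULL;
}

/* Constructed sample: a 4 KiB image mapped at 0xFFFFF000 with a 3-entry FIT at 0xFFFFF800. */
#define SAMPLE_LEN 4096
#define SAMPLE_FIT_OFF 0x800

static void put_entry(uint8_t *rec, uint64_t addr, uint32_t size, uint8_t type, int cv)
{
    memset(rec, 0, 16);
    for (int i = 0; i < 8; i++) rec[i] = (uint8_t)(addr >> (8 * i));
    for (int i = 0; i < 3; i++) rec[8 + i] = (uint8_t)(size >> (8 * i));
    rec[12] = 0x00; rec[13] = 0x01;                     /* version 0x0100 */
    rec[14] = (uint8_t)(type | (cv ? 0x80 : 0));
}

void build_sample(uint8_t *img)
{
    uint8_t *fit = img + SAMPLE_FIT_OFF;
    memset(img, 0xff, SAMPLE_LEN);
    put_entry(fit,      0,             3,    FIT_HEADER, 1);
    memcpy(fit, FIT_SIGNATURE, 8);
    put_entry(fit + 16, 0xFFFF0000ULL, 0,    FIT_STARTUP_ACM, 0); /* BIOS ACM sits below this image */
    put_entry(fit + 32, 0xFFFFF000ULL, 0x80, FIT_BIOS_MODULE, 0); /* 2 KiB at image start to measure */
    uint8_t sum = 0;
    for (int i = 0; i < 48; i++) sum = (uint8_t)(sum + fit[i]);
    fit[15] = (uint8_t)(0u - sum);                      /* header checksum balances the table */
    uint32_t ptr = 0xFFFFF000u + SAMPLE_FIT_OFF;
    for (int i = 0; i < 4; i++) img[SAMPLE_LEN - 0x40 + i] = (uint8_t)(ptr >> (8 * i));
}

int main(void)
{
    uint8_t img[SAMPLE_LEN];
    struct fit_entry e[16];
    build_sample(img);
    int n = fit_parse(img, SAMPLE_LEN, e, 16);
    if (n < 0) { printf("FIT rejected (%d)\n", n); return 1; }
    for (int i = 0; i < n; i++)
        printf("entry %d: type 0x%02x address 0x%llx size 0x%x\n", i, e[i].type,
               (unsigned long long)e[i].address, e[i].size);
    const struct fit_entry *acm = fit_find(e, n, FIT_STARTUP_ACM);
    printf("Startup ACM entry: %s\n", acm ? "present" : "absent (no BIOS ACM for microcode to run)");
    return 0;
}
```

The checks that reject a table (pointer outside the image, bad signature, non-zero checksum) are the ones worth keeping when auditing a flash dump: a BIOS with no valid FIT, or a FIT without a type 0x02 entry, cannot start the Startup ACM and therefore cannot establish the SRTM the text describes.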

TPM: The TPM supplies two kinds of resource to Intel TXT:

• PCRs in the TPM store the measurements of components involved in the boot process. Some of these PCRs can be extended only by microcode, and some only by ACMs.

• NV indices track some of the state information required by the verified launch process.

The specifics of PC-compatible TPMs are described in detail in the TCG PC Client Platform TPM Profile (PTP) Specification, which defines the number and accessibility of the PCRs, special interfaces for measuring BIOS boot code, and other TPM features used to support PC platforms.

OS/middleware enabling for Intel TXT: The OS or middleware has to start the measured launch. In some cases, this might be an application or module running under the OS; in others, it might be a commercial virtual machine manager (VMM) software package.

High-level applications that use Intel TXT to make security decisions: Intel's Mount Wilson software is an example. For more examples and a much more detailed explanation of this layer, read the book Building the Infrastructure for Cloud Security: A Solutions View (Apress, 2014).

All of these components work together to enable Intel TXT.

  • [1] The Startup ACM isn't a separate ACM, but a function contained in the BIOS ACM. The misleading name has historical roots.
  • [2] For a full description of this instruction and its leaves, see the “Safer Mode Extensions” chapter in the Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 2B. This manual can be downloaded from
  • [3] Leaf is TXT jargon for a sub-function within an ACM.