Intel

Developer Zone

PlatformSeed

com.intel.crypto

Class PlatformSeed

Supported in Intel® CSME 13.0 and later and Intel® TXE 3.0 and later - otherwise NotSupportedException will be thrown. See each method for support details

  • java.lang.Object
    • com.intel.crypto.PlatformSeed


  • public final class PlatformSeed
    extends java.lang.Object

    This class provides a random unique per platform seed generated by Intel® CSE that can be used to seed cryptographic keys.

  • This seed is guaranteed to be unique per platform.
  • This seed is persistent, the same value is retained across Intel CSE firmware re-flash and update, Intel CSE un-configure, and power cycles.
    • Method Summary

      Methods
      Modifier and Type Method and Description
      static void disableBiosRetrieve()
      Disables the seed's exposure to the BIOS (burns fuse). Supported in Intel TXE 3.x, not supported in Intel CSME
      static boolean isReadableByBios()
      Checks whether the seed is exposed to BIOS. Supported in Intel TXE 3.x only, not supported in Intel CSME
      static byte[] retrieveUniqueSeed()
      Retrieves the random platform 64-byte seed. Supported in Intel TXE 3.x only, not supported in Intel CSME
      static byte[] retrieveUniqueSeedByCurrSvn()
      Retrieves the random platform 64-byte seed corresponding to the current SVN. Supported in Intel TXE 3.0 and later, and Intel CSME 13.0 and later
      static byte[] retrieveUniqueSeedByPrevSvn()
      Retrieves the previous random platform 64-byte seed corresponding to the previous SVN. Supported in Intel TXE 3.0 and later, and Intel CSME 13.0 and later
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, toString
    • Method Detail

      • retrieveUniqueSeed

        public static final byte[] retrieveUniqueSeed()
                                               throws CryptoException
        Retrieves the random platform 64-byte seed. Supported in Intel TXE 3.x only, not supported in Intel CSME
        Returns:
        the unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • retrieveUniqueSeedByCurrSvn

        public static final byte[] retrieveUniqueSeedByCurrSvn()
                                                        throws CryptoException
        Retrieves the random platform 64-byte seed corresponding to the current SVN. Supported in Intel TXE 3.0 and later, and Intel CSME 13.0 and later
        Returns:
        the unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • retrieveUniqueSeedByPrevSvn

        public static final byte[] retrieveUniqueSeedByPrevSvn()
                                                        throws CryptoException
        Retrieves the previous random platform 64-byte seed corresponding to the previous SVN. Supported in Intel TXE 3.0 and later, and Intel CSME 13.0 and later
        Returns:
        the previous unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • isReadableByBios

        public static final boolean isReadableByBios()
                                              throws CryptoException
        Checks whether the seed is exposed to BIOS. Supported in Intel TXE 3.x only, not supported in Intel CSME
        Returns:
        True if seed is exposed to the BIOS, False if not
        Throws:
        CryptoException - in case of internal error (if fuse can't be read).
      • disableBiosRetrieve

        public static final void disableBiosRetrieve()
                                              throws CryptoException
        Disables the seed's exposure to BIOS (burns fuse). This operation burns an FPF, is irreversible, and can be executed once. Subsequent invocations have no effect. Supported in Intel TXE 3.x, not supported in Intel CSME.
        Throws:
        CryptoException - in case of internal error (if fuse cannot be read or written).