Intel® FSP (Firmware Support Package) is a critical component in the silicon bring-up process, traditionally provided by Intel® as a binary to be integrated with a bootloader of the customer's choice (while source is provided for specific purposes).
As the demands of firmware development and enabling evolve, Intel recognizes that securing Intel assets like FSP is more critical than ever. Intel is introducing “Signed FSP and Verified Boot Architecture” to provide integrity protection to the Intel® FSP binary. This is the latest addition to the slew of capabilities that are already part of FSP and that will continue to expedite development cycles, enhance co-validation with customers, increase the velocity of deploying fixes in a secure manner and help customers launch products faster into the market.
This strategic shift involves significant architectural changes, such as simplifying bootloader-FSP interactions and implementing a robust signing and verification process through Intel's Root of Trust. These advancements not only harden silicon initialization but also enable standalone Intel® FSP updates in the field, offering a more streamlined approach to firmware development and management.
In this talk, we will explore the motivations behind Intel's Signed FSP approach and the benefits it provides to Intel’s customers. Attendees will gain insights into how these changes transform the boot flow, reduce integration efforts and help to reassign valuable engineering resources from FSP integration and validation to firmware development.