com.intel.crypto
Class PlatformSeed
- java.lang.Object
-
- com.intel.crypto.PlatformSeed
-
public final class PlatformSeed extends java.lang.Object
This class provides a random unique per platform seed generated by CSE which can be used to seed cryptographic keys.
- This seed is guaranteed to be unique per platform.
- This seed is persistent, the same value is retained across CSE FW re-flash and update, CSE un-configure, power cycles.
-
-
Method Summary
Methods Modifier and Type Method and Description static void
disableBiosRetrieve()
Disable the seed exposure to MBP (burns fuse).static boolean
isReadableByBios()
Checks if the seed is exposed to BIOS via MBPstatic byte[]
retrieveUniqueSeed()
Retrieves the random platform 64 bytes seed.static byte[]
retrieveUniqueSeedByCurrSvn()
Retrieves the random platform 64 bytes seed corresponding to the current SVN.static byte[]
retrieveUniqueSeedByPrevSvn()
Retrieves the previous random platform 64 bytes seed corresponding to the previous SVN.
-
-
-
Method Detail
-
retrieveUniqueSeed
public static final byte[] retrieveUniqueSeed() throws CryptoException
Retrieves the random platform 64 bytes seed.- Returns:
- the unique platform seed (64 bytes)
- Throws:
CryptoException
- in case of internal error.
-
retrieveUniqueSeedByCurrSvn
public static final byte[] retrieveUniqueSeedByCurrSvn() throws CryptoException
Retrieves the random platform 64 bytes seed corresponding to the current SVN.- Returns:
- the unique platform seed (64 bytes)
- Throws:
CryptoException
- in case of internal error.
-
retrieveUniqueSeedByPrevSvn
public static final byte[] retrieveUniqueSeedByPrevSvn() throws CryptoException
Retrieves the previous random platform 64 bytes seed corresponding to the previous SVN.- Returns:
- the previous unique platform seed (64 bytes)
- Throws:
CryptoException
- in case of internal error.
-
isReadableByBios
public static final boolean isReadableByBios() throws CryptoException
Checks if the seed is exposed to BIOS via MBP- Returns:
- true if seed is exposed to the BIOS, false if not
- Throws:
CryptoException
- in case of internal error (if fuse can't be read).
-
disableBiosRetrieve
public static final void disableBiosRetrieve() throws CryptoException
Disable the seed exposure to MBP (burns fuse). this operation uses FPF and its irreversible and can happen once. further invocations will have no side effects- Throws:
CryptoException
- in case of internal error (if fuse can't be read/writen).
-
-