Intel

Developer Zone

PlatformSeed

com.intel.crypto

Class PlatformSeed

  • java.lang.Object
    • com.intel.crypto.PlatformSeed


  • public final class PlatformSeed
    extends java.lang.Object

    This class provides a random unique per platform seed generated by CSE which can be used to seed cryptographic keys.

  • This seed is guaranteed to be unique per platform.
  • This seed is persistent, the same value is retained across CSE FW re-flash and update, CSE un-configure, power cycles.
    • Method Summary

      Methods
      Modifier and Type Method and Description
      static void disableBiosRetrieve()
      Disable the seed exposure to MBP (burns fuse).
      static boolean isReadableByBios()
      Checks if the seed is exposed to BIOS via MBP
      static byte[] retrieveUniqueSeed()
      Retrieves the random platform 64 bytes seed.
      static byte[] retrieveUniqueSeedByCurrSvn()
      Retrieves the random platform 64 bytes seed corresponding to the current SVN.
      static byte[] retrieveUniqueSeedByPrevSvn()
      Retrieves the previous random platform 64 bytes seed corresponding to the previous SVN.
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, toString
    • Method Detail

      • retrieveUniqueSeed

        public static final byte[] retrieveUniqueSeed()
                                               throws CryptoException
        Retrieves the random platform 64 bytes seed.
        Returns:
        the unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • retrieveUniqueSeedByCurrSvn

        public static final byte[] retrieveUniqueSeedByCurrSvn()
                                                        throws CryptoException
        Retrieves the random platform 64 bytes seed corresponding to the current SVN.
        Returns:
        the unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • retrieveUniqueSeedByPrevSvn

        public static final byte[] retrieveUniqueSeedByPrevSvn()
                                                        throws CryptoException
        Retrieves the previous random platform 64 bytes seed corresponding to the previous SVN.
        Returns:
        the previous unique platform seed (64 bytes)
        Throws:
        CryptoException - in case of internal error.
      • isReadableByBios

        public static final boolean isReadableByBios()
                                              throws CryptoException
        Checks if the seed is exposed to BIOS via MBP
        Returns:
        true if seed is exposed to the BIOS, false if not
        Throws:
        CryptoException - in case of internal error (if fuse can't be read).
      • disableBiosRetrieve

        public static final void disableBiosRetrieve()
                                              throws CryptoException
        Disable the seed exposure to MBP (burns fuse). this operation uses FPF and its irreversible and can happen once. further invocations will have no side effects
        Throws:
        CryptoException - in case of internal error (if fuse can't be read/writen).