From 9a9de77fc8a006cbb9a8d6cd44537cc3d9f37eec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 5 Dec 2025 14:39:55 +0100 Subject: [PATCH 1/2] docs/dasharo-tools-suite/documentation/features.md: add btg key validator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../documentation/features.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/dasharo-tools-suite/documentation/features.md b/docs/dasharo-tools-suite/documentation/features.md index 55c9172dbc..452dc4c01d 100644 --- a/docs/dasharo-tools-suite/documentation/features.md +++ b/docs/dasharo-tools-suite/documentation/features.md @@ -552,3 +552,22 @@ v1.2.20, pending the resolution of this issue. We will reintroduce them once we determine the appropriate action to address this dependency. Progress on this matter is being monitored through issue [288](https://github.com/Dasharo/dasharo-issues/issues/288). + +### Verify Intel Boot Guard key + +It's possible to verify which keys currently running firmware is signed with: + +1. Enter the shell in DTS + +1. Execute `btg_key_validator` + +Example output: + +```bash +Reading flash... +Extracting key manifest... +Key matches NovaCustom Meteor Lake signing key. +``` + +The script will output information whether the platform firmware is signed with +the correct Intel Boot Guard key. From 5af5d46fa10811e7d38871d57ccc391a5ec1e623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 10 Dec 2025 16:34:02 +0100 Subject: [PATCH 2/2] docs/dasharo-tools-suite/documentation/features.md: move IBG verification to H2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../documentation/features.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/dasharo-tools-suite/documentation/features.md b/docs/dasharo-tools-suite/documentation/features.md index 452dc4c01d..3eb7450990 100644 --- a/docs/dasharo-tools-suite/documentation/features.md +++ b/docs/dasharo-tools-suite/documentation/features.md @@ -474,6 +474,25 @@ version. This is how we can achieve that. version: 2022-08-31_cbff21b ``` +## Verify Intel Boot Guard key + +It's possible to verify which keys currently running firmware is signed with: + +1. Enter the shell in DTS + +1. Execute `btg_key_validator` + +Example output: + +```bash +Reading flash... +Extracting key manifest... +Key matches NovaCustom Meteor Lake signing key. +``` + +The script will output information whether the platform firmware is signed with +the correct Intel Boot Guard key. + ## Additional features The section below presents a list of functionalities added to DTS, which were @@ -552,22 +571,3 @@ v1.2.20, pending the resolution of this issue. We will reintroduce them once we determine the appropriate action to address this dependency. Progress on this matter is being monitored through issue [288](https://github.com/Dasharo/dasharo-issues/issues/288). - -### Verify Intel Boot Guard key - -It's possible to verify which keys currently running firmware is signed with: - -1. Enter the shell in DTS - -1. Execute `btg_key_validator` - -Example output: - -```bash -Reading flash... -Extracting key manifest... -Key matches NovaCustom Meteor Lake signing key. -``` - -The script will output information whether the platform firmware is signed with -the correct Intel Boot Guard key.