Abstract: Examples described herein relate to software attestation. In some examples, circuitry is to generate measurements for software attestation of a device and wherein the circuitry is a sole generator of the measurements for software attestation for the device. In some examples, the measurements are based on one or more of: firmware image file, software executable binary, device state, and/or fuse measurements. In some examples, generate measurements for software attestation of the device includes performing a cryptographic hash over one or more of: firmware image file, software executable binary, device state, and/or fuse measurements.

Abstract: A data processing system (DPS) provides protection for firmware. The DPS comprises (a) a host module comprising a management engine and (b) a security module in communication with the host module. The security module comprises a security coprocessor and a secret identifier for the security module. The DPS also comprises at least one machine-accessible medium comprising host firmware and security firmware. The host firmware, when executed by the management engine, enables to management engine to determine whether the security module is in communication with the host module, based on the secret identifier for the security module. The security firmware, when executed by the security coprocessor, enables the security coprocessor (a) to verify integrity of the host firmware and (b) to prevent the host module from booting with the host firmware in response to a determination that the host firmware has lost integrity. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) provides protection for firmware. The DPS comprises (a) a host module comprising a management engine and (b) a security module in communication with the host module. The security module comprises a security coprocessor and a secret identifier for the security module. The DPS also comprises at least one machine-accessible medium comprising host firmware and security firmware. The host firmware, when executed by the management engine, enables to management engine to determine whether the security module is in communication with the host module, based on the secret identifier for the security module. The security firmware, when executed by the security coprocessor, enables the security coprocessor (a) to verify integrity of the host firmware and (b) to prevent the host module from booting with the host firmware in response to a determination that the host firmware has lost integrity. Other embodiments are described and claimed.