We report the success of a project that Google performed as a proof-of-concept for
increasing confidence in first-instruction integrity across a variety of server and
peripheral environments. We begin by motivating the problem of first-instruction
integrity and share the lessons learned from our proof-of-concept implementation.
Our goal in sharing this information is to increase industry support and engagement
for similar designs. Notable features include a vendor-agnostic capability to
interpose on the SPI peripheral bus (from which bootstrap firmware is loaded upon
power-on in a wide variety of devices today) without negatively impacting the
efficacy of any existing vendor- or device-specific integrity mechanisms, thereby
providing additional defense-in-depth.