System Requirements
Intel® Platform Service Record (Intel® PSR) is supported on Intel vPro® Essentials and Intel vPro® Enterprise on:
- Raptor Lake platforms
- Alder Lake platforms with Raptor Lake CPU
Intel PSR requires Intel® CSME 16.1 firmware and later, and also requires enablement by the OEM.
Note: Intel PSR is supported only if Intel® UPID is supported. In addition, the Intel PSR log can be retrieved only if Intel UPID is enabled on the platform. For details on enabling Intel UPID, refer to Intel Unique Platform ID Usage.
Highlights
Intel PSR version 1.0 provides on-platform persistent / tamper resistant ledgers and counters of the following items belonging to the platform:
- Identifiers
- Intel® Unique Platform ID
- Platform Service Record ID
- Platform Genesis Record that includes the following information:
- Log Start Date (set at End of Manufacturing)
- OEM, Make, Model
- Country of Manufacturing
- OEM-defined metadata
- Ledgers containing information on:
- Chassis intrusions
- Intel PSR and Intel CSME Critical Events
- Counters for:
- Cumulative number of seconds in S0 state
- Cumulative number of S0->S5 transitions
- Cumulative number of S0->S4 transitions
- Cumulative number of S0->S3 transitions
- Cumulative number of warm resets
The Intel Platform Service Record provides an indicator that can attest to the Intel PSR Data having been generated by the platform showing that it was generated by the platform, allowing for potential tampering detection.
Intel® CSME provides an API over Intel MEI interface, available both before and after POST, that allows the Platform Service Record Data to be retrieved in a Data Structured Blob.
The Platform Service Record can be retrieved from the platform through UEFI and OS driver interfaces, enabling access to the Intel PSR Data Structure through:
- The Intel® Management and Security Status application, to display Intel PSR Data and Export to File
- UEFI BIOS setup menu to display Intel PSR or Export Intel PSR Data to USB
- 3rd party applications. Customers can use the Intel PSR SDK sample code and the APIs described below to build applications that access the data in the Intel PSR.
For information on the Intel® MEI interface that Intel® CSME provides for software applications to enable them to retrieve the Intel PSR information and state, see Intel Platform Service Record Intel MEI Protocol.
Use Cases for the Platform Service Record
- The Platform Service Record ID can be captured during manufacturing. It can be subsequently compared with the Platform Service Record ID on the platform to determine whether it was changed after the platform was shipped by the OEM. A mismatch would indicate that the Intel PSR has been reset, and that historical data is therefore missing.
- Key events captured within the Intel PSR Event Ledger, e.g., Chassis Intrusion Detection, can be observed over the life cycle of the platform to help assess confidence
- Platform S0 operational use and power state transitions can be assessed to aid in the determination of general wear or correlations of other platform events when determining platform decommission plans (repurpose, resell, recycle).
- Ability to export Intel PSR data and attesting of the platform (for example, via a cloud service)
Intel Platform Service Record Sample Output Example
The Intel PSR SDK includes a sample application (PlatformServiceRecord.exe) that demonstrates how to use the Intel PSR. The application includes the following functions:
- Retrieving the Platform Service Record log status
- Retrieving the Platform Service Record Log and verifying it
- Parsing and displaying the Platform Service Record log blob
- Saving the Platform Service Record to a file
For details on these options and others, and examples of running the sample application for various purposes, see the documentation included with the sample application.
Following is one example of the output that is generated when you run the sample application:
