HPE-Silicon Root of Trust
There have been growing concerns that products delivered to a customer’s data center from supply bases that are not properly vetted can contain rogue tiny chips, malware, or compromised code.
Without assurance of where their new IT products came from, or who had access to them, customers are now focusing on critical processes, including the manufacturing, distribution, and delivery aspects of a product’s lifecycle, for assurance that products delivered to their data centers are free from unauthorized activity.
Putting security at the heart of our products is our priority at HPE. To expand on that commitment, we have extended secure capabilities from within the server, at the silicon level, to the physical hardening of it. This protects the server from tampering and any unauthorized activity from the time it is manufactured, during distribution and shipping, and throughout its lifecycle after it’s made it to a customer’s hands.
The Silicon Root of Trust satisfies organizations’ need for a robust security foundation that permits only trusted firmware to be loaded onto the server, and that can rapidly mitigate the impact of firmware attacks. It is able to recover itself from attacks by malicious code to a known and secure state, with trusted firmware, and without manual intervention.
Available on HPE Gen 10 servers, the Silicon Root of Trust is based on a hardware-validated boot process that ensures a computer system can only be started using code from an immutable source. This involves an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When combining this foundation with a cryptographically secured signature, there are no easily accessible gaps for hackers to exploit.
If a hacker inserts a virus or compromised code into the server firmware, the configuration of the firmware is changed, creating a mismatch to the digital fingerprint embedded in the silicon. As it initiates, HPE Integrated Lights-Out 5 (iLO 5) firmware validates the basic input/output system and looks for the “digital fingerprint” of iLO firmware burned into the silicon chip. That immutable fingerprint verifies all the firmware code is valid and uncompromised.
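The validation and self-recovery flow described above can be modelled in a few lines. This is an added example, not HPE's code: it assumes the "digital fingerprint" is a SHA-256 digest, that each verified stage names the digest of the next one, and that a known-good recovery copy exists; the image layout and the names `build_image` and `boot` are hypothetical.

```python
import hashlib
from typing import List, Optional

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def build_image(code: bytes, next_image: Optional[bytes]) -> bytes:
    # Constructed layout (assumption): 64 hex chars naming the next stage's
    # digest, a newline, then the stage's code. Because the header is part of
    # the measured image, trusting this stage also fixes what may run next.
    header = digest(next_image).encode() if next_image else b"-" * 64
    return header + b"\n" + code

def boot(anchor: str, flash: List[bytes], recovery: List[bytes]) -> List[str]:
    """Verify every stage before it runs; restore a known-good copy on mismatch."""
    expected, log = anchor, []
    for i, image in enumerate(flash):
        if digest(image) != expected:
            log.append(f"stage {i}: mismatch")
            # The recovery copy is measured too: it is never trusted blindly.
            if digest(recovery[i]) != expected:
                raise RuntimeError(f"stage {i}: no trusted image, halting")
            flash[i] = image = recovery[i]
            log.append(f"stage {i}: restored")
        log.append(f"stage {i}: verified")
        # Safe to read the header only now that the image has been verified.
        expected = image[:64].decode()
    return log

# Constructed sample chain: stage 0 stands in for iLO firmware, stage 1 for the BIOS.
BIOS = build_image(b"bios-code-v1", None)
ILO = build_image(b"ilo-code-v1", BIOS)
ANCHOR = digest(ILO)  # stands in for the value fixed in silicon; never rewritten

if __name__ == "__main__":
    flash = [ILO, BIOS + b"<modified>"]  # constructed tampering of stage 1
    for line in boot(ANCHOR, flash, [ILO, BIOS]):
        print(line)
```

The model halts rather than boots when neither the flash image nor the recovery copy matches the expected digest, which is the property that makes the anchor, and not the recovery store, the root of trust.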