Users Guide

BIOS Recovery and Hardware Root of Trust (RoT)
A PowerEdge server must be able to recover from a BIOS image that has been corrupted or damaged by a malicious attack, a power
surge, or any other unforeseeable event. Recovery requires an alternate, reserve BIOS image so that the server can be brought back
from an unbootable state to a functional one. This alternate (recovery) BIOS is stored in a second SPI (mux'ed with the
primary BIOS SPI).
The recovery sequence can be initiated through any of the following approaches with iDRAC as the main orchestrator of the BIOS
recovery task:
1. Auto recovery of BIOS primary image/recovery image — BIOS image is recovered automatically during the host boot process
after the BIOS corruption is detected by BIOS itself.
2. Forced recovery of BIOS Primary/recovery image — The user initiates an OOB request to update BIOS, either because they have a
new updated BIOS or because the BIOS was crashing and failing to boot.
3. Primary BIOS ROM update — The single Primary ROM is split into Data ROM and Code ROM. iDRAC has full access/control over
Code ROM. It switches MUX to access Code ROM whenever needed.
4. BIOS Hardware Root of Trust (RoT) — This feature is available in servers with model number RX5X, CX5XX, and TX5X. During
every host boot (only cold boot or AC cycle, not during warm reboot), iDRAC ensures that RoT is performed. RoT runs automatically
and the user cannot initiate it using any interface. This iDRAC boot-first policy verifies host BIOS ROM contents on every AC cycle and
host DC cycle. This process ensures secure boot of BIOS and further secures the host boot process.
NOTE: For more information on Hardware RoT, refer to this link:
https://downloads.dell.com/Manuals/Common/dell-emc-idrac9-security-root-of-trust-bios-live-scanning.pdf