Release Notes

ID 501
1 Introduction
Today, even firmware flashed into read-only memory is susceptible to exploitation. Attackers look for ways
to modify or tamper with it, or to expose the system to malicious activity. While the UEFI Secure Boot mechanism
is effective at protecting the host, it cannot stop an attack when the flashed firmware itself is compromised,
because the Secure Boot checks are performed by that firmware. An attacker with physical access to a system can
tamper with the BIOS image. The security threat posed by tampered BIOS code is high and leaves the system open to
further attacks.
To counter this boot-integrity threat, Intel introduced Boot Guard a few years ago with its fourth-generation
Core processors. This root of trust is anchored in a hash of the OEM public key burned into one-time programmable
fuses in the processor; the fused value is read-only and cannot be altered by malware or by rewriting flash. When a
system with Boot Guard starts, the cryptographic hash of the BIOS image is verified against a manifest signed with
the OEM key, and the key found in flash is itself checked against the fused hash. If the verification succeeds, the
BIOS boots as expected. If the verification fails, the BIOS image is treated as compromised and the system does
not boot.
In addition to Boot Guard's verification mechanism, iDRAC9 provides its own root of trust that verifies the BIOS
image at host boot time; the host can boot only after the BIOS image is successfully validated. iDRAC9 can also
validate the BIOS image at run time, on demand or at user-scheduled intervals.
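The following toy model, added here as an example and not code from Intel, Dell or iDRAC9, shows why the two layers described above (the fused key hash behind Boot Guard, and a re-runnable image check like the one iDRAC9 performs at boot and at run time) stop an attacker who can rewrite flash. Everything not on the page is an assumption: a textbook RSA signature with no padding used purely for illustration, key material built from hardcoded Mersenne primes so the block needs no crypto library, a flash layout of OEM public key, manifest, signature and image, and constructed sample image bytes. Real Boot Guard manifests and the ACM are considerably richer than this.

```python
"""Toy model of a fused-key boot root of trust (added example, not vendor code).

Assumptions not taken from the page: unpadded textbook RSA (illustration only),
fixed Mersenne-prime key material, and a flash layout of
(OEM public key, manifest, signature, BIOS image).
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyRsaKey:
    """Textbook RSA over two fixed primes. Unpadded: never use in production."""

    def __init__(self, p: int, q: int, e: int = 65537) -> None:
        self.e, self.n = e, p * q
        self.d = pow(e, -1, (p - 1) * (q - 1))

    @property
    def public(self) -> tuple[int, int]:
        return (self.e, self.n)

    def sign(self, message: bytes) -> int:
        # s = SHA-256(message)^d mod n
        return pow(int.from_bytes(sha256(message), "big"), self.d, self.n)


def verify(public: tuple[int, int], message: bytes, sig: int) -> bool:
    e, n = public
    return pow(sig, e, n) == int.from_bytes(sha256(message), "big")


def public_key_hash(public: tuple[int, int]) -> bytes:
    """The value burned into the one-time-programmable fuses: a hash of the
    OEM public key, not the key itself."""
    e, n = public
    return sha256(e.to_bytes(4, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big"))


@dataclass
class Flash:
    """Everything in SPI flash is writable by an attacker with physical access."""
    oem_public: tuple[int, int]  # the OEM key as stored in flash
    image: bytes                 # the BIOS image whose integrity matters
    manifest: bytes              # SHA-256 of the image, as shipped by the OEM
    manifest_sig: int            # OEM signature over the manifest


def boot_check(fused_key_hash: bytes, flash: Flash) -> str:
    """Models the decision taken before anything from flash is executed.
    Returns "boot" or the reason for halting. The same function can be run
    again later against a fresh read of flash, which is the run-time check."""
    if public_key_hash(flash.oem_public) != fused_key_hash:
        return "halt: key in flash does not match fused key hash"
    if not verify(flash.oem_public, flash.manifest, flash.manifest_sig):
        return "halt: manifest not signed by the OEM key"
    if sha256(flash.image) != flash.manifest:
        return "halt: BIOS image hash does not match signed manifest"
    return "boot"


def scenarios() -> dict[str, str]:
    """Run the check against a clean system and two flash-only attacks."""
    oem = ToyRsaKey(2**521 - 1, 2**127 - 1)      # OEM signing key (Mersenne primes)
    attacker = ToyRsaKey(2**607 - 1, 2**89 - 1)  # attacker's own key
    fused = public_key_hash(oem.public)          # burned into the CPU at manufacture

    image = b"constructed BIOS image v1"          # constructed sample data
    manifest = sha256(image)
    clean = Flash(oem.public, image, manifest, oem.sign(manifest))

    # Attack 1: patch the image in flash, leave the signed manifest alone.
    evil_image = b"constructed BIOS image v1 + implant"
    patched = Flash(oem.public, evil_image, manifest, clean.manifest_sig)

    # Attack 2: replace the key in flash with the attacker's and re-sign everything.
    evil_manifest = sha256(evil_image)
    rekeyed = Flash(attacker.public, evil_image, evil_manifest, attacker.sign(evil_manifest))

    return {name: boot_check(fused, f) for name, f in
            [("clean", clean), ("patched image", patched), ("rekeyed flash", rekeyed)]}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14s} -> {result}")
```

The order of the checks is the point: the key in flash is validated against the fused hash before it is trusted to verify anything, so an attacker who rewrites both the key and the signatures still fails at the first step, and an attacker who only patches the image fails at the last one. Running `boot_check` again on a later read of flash is all that a scheduled run-time validation needs.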
Silicon-based Root of Trust Domains in PowerEdge Servers with iDRAC9.