Administrator Guide

Technical support and resources
ID 483
o Initial Boot Block (IBB)
o Security (SEC)
o Pre-EFI Initialization (PEI)
o Memory Reference Code (MRC)
o Driver Execution Environment (DXE)
o Boot Device Selection (BDS)
If Intel Boot Guard authenticates the Initial Boot Block (IBB), then the IBB validates SEC+PEI before
handing control to it. SEC+PEI then validates PEI+MRC, which in turn validates the DXE+BDS modules.
Next, control is handed over to UEFI Secure Boot, as explained in the next section.
Similarly, for Dell EMC PowerEdge AMD EPYC based servers, AMD Secure Root of Trust technology
ensures that servers boot only from trusted firmware images. AMD Secure Run Technology is designed to
encrypt main memory, keeping it private from intruders who have physical access to the hardware. No
application modifications are required to use this feature, and the security processor never exposes the
encryption keys outside of the processor.
iDRAC provides the hardware-based Root of Trust function and accesses the primary BIOS ROM
through SPI. iDRAC, together with the AMD fusion controller hub (FCH), performs the Root of Trust process.
iDRAC9 recovers the BIOS under any of the following conditions:
o BIOS integrity check failed.
o BIOS self-check failed.
o The RACADM command racadm recover BIOS.Setup.1-1 was run.
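The following Python is an added illustration, not Dell's or Intel's code, of the two mechanisms described above: the staged chain in which each boot stage validates the next before handing over control, and the iDRAC-style recovery that restores the BIOS from a known-good copy when an integrity check fails. It is a deliberate simplification (a bare SHA-256 hash chain instead of signed manifests and fused key hashes); the stage names are the ones listed above, and the images, root-of-trust hash and backup copy are constructed.

```python
import hashlib

# Boot stages in the order they run (from the list above).
STAGES = ["IBB", "SEC+PEI", "PEI+MRC", "DXE+BDS"]
SEP = b"|NEXT="  # constructed marker that separates stage code from the embedded next-stage hash


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_firmware(stage_code: dict) -> dict:
    """Build images last-to-first so every stage embeds the hash of the stage it will verify."""
    images, next_hash = {}, b""
    for name in reversed(STAGES):
        images[name] = stage_code[name] + SEP + next_hash
        next_hash = sha256(images[name]).encode()
    return images


def verify_boot_chain(images: dict, root_of_trust_hash: str):
    """Walk the chain; return (stages verified, failing stage or None).

    The root of trust (modelling the silicon anchor) only knows the IBB hash; each
    verified stage then supplies the expected hash of the next one."""
    expected, verified = root_of_trust_hash, []
    for name in STAGES:
        image = images[name]
        if sha256(image) != expected:
            return verified, name  # stop here: control is never handed to an unverified stage
        verified.append(name)
        expected = image.rsplit(SEP, 1)[1].decode()
    return verified, None


def boot_with_recovery(primary: dict, backup: dict, rot_hash: str):
    """iDRAC-style behaviour: on an integrity failure, restore a known-good copy and re-verify."""
    verified, failed = verify_boot_chain(primary, rot_hash)
    if failed is None:
        return "booted", verified
    verified, failed = verify_boot_chain(dict(backup), rot_hash)
    return ("recovered" if failed is None else "halted"), verified


# Constructed sample images (not real firmware) and a tampered copy with an implant in PEI+MRC.
GOOD = build_firmware({name: f"{name}-code-v1".encode() for name in STAGES})
ROT_HASH = sha256(GOOD["IBB"])
TAMPERED = dict(GOOD)
TAMPERED["PEI+MRC"] = b"implant" + GOOD["PEI+MRC"]

if __name__ == "__main__":
    print(verify_boot_chain(TAMPERED, ROT_HASH))      # (['IBB', 'SEC+PEI'], 'PEI+MRC')
    print(boot_with_recovery(TAMPERED, GOOD, ROT_HASH))  # ('recovered', all four stages)
```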
The iDRAC boot process uses its own independent silicon-based Root of Trust that verifies the iDRAC
firmware image. The iDRAC Root of Trust also provides a critical trust anchor for authenticating the
signatures of Dell EMC firmware update packages (DUPs).