HP Sure Start - Technical white paper
17
Technical white paper | HP Sure Start
Table 2: Required functions for Host Processor Boot Firmware
The table below provides a summary of each function described by NIST SP 800-193.
NIST SP 800-193 HP Sure Start
Roots of Trust
(Section 4.1)
Meets all
Resiliency
Requirements
Gen3+ uses a hardware-based RoT (the HP ESC) with immutable boot rmware, which
cryptographically veries subsequent rmware before launching it, creating a Chain of
Trust.
Gen3+ includes a key store and approved digital signing algorithms based on FIPS 186-4
to verify the digital signature of rmware update images.
Gen3+ uses authenticated update, detection, and recovery mechanisms, which are
anchored in Gen3+’s HW-based RoT.
Protection and
Update of Mutable
Code (Section 4.2.1)
Meets all
Resiliency
Requirements
Gen3+ uses an authenticated update mechanism anchored in Gen3+’s HW-based RoT.
Firmware update images are digitally signed by HP’s code signing service (HP Secure
Sign) and veried by Gen3+ prior to updating.
Gen3+ integrity protects the HP ESC and UEFI ash regions, so that only its authenticated
update mechanism or a secure local update through physical presence can modify those
ash regions.
Gen3+ has no known authenticated update bypass mechanisms and contains the
ability to prevent rollback to earlier authentic rmware images with known security
vulnerabilities.
Protection of
Immutable Code
(Section 4.2.2)
Meets all
Resiliency
Requirements
Gen3+ uses a hardware-based RoT (the HP ESC) with immutable boot rmware.
Runtime Protection
of Critical Platform
FW (Section 4.2.3)
Meets all
Resiliency
Requirements
Critical Platform Firmware executing in volatile storage (RAM) runs and:
1) ceases its operation prior to the loading of system software. That is, it runs during
POST and stops before the OS is loaded.
2) is protected from system software using SMM protections enforced by the CPU
Protection of
Critical Data (Section
4.2.4)
Meets all
Resiliency
Requirements
Gen4 Critical Data, such as Secure Boot authenticated variables, are only modiable
through dened APIs provided by device rmware. These APIs employ a mechanism to
authenticate that the data is originating from an authorized source before applying the
change.
Gen4 Critical Data, such as per-platform unique factory conguration settings, are only
modiable through dened APIs provided by device rmware. These APIs employ a
mechanism to authenticate that the request is originating from an authorized HP service
provider before they allow the change.
Gen4 Critical Data, such as BIOS settings that can be congured in the eld, are only
modiable through dened APIs. These APIs are accessed only via a system administrator
who has congured the BIOS administrator password.
Gen3+ factory default settings, which are not per-platform-specic, employ the same
protection as the code. This includes integrity and authenticity verication via digital
signature. These setting updates are controlled and protected in the same manner as the
rmware.
Detection of
Corrupted Code
(Section 4.3.1)
Meets all
Resiliency
Requirements
A successful attack on the platform rmware will not impact Gen3+’s RTD. The RTD
is maintained in a private ash area inaccessible to the system software that might
compromise the platform rmware.
Firmware code is validated by Gen3+’s RTD using approved digital signature algorithms
and cryptographic hashes.
Technical white paper | HP Sure Start