What is HPE Silicon Root of Trust?

With enterprise cyber attacks at an all-time high, organizations are well-advised to bolster their security measures against increasingly sophisticated cyber attackers and their rapidly evolving tools and methods. This includes integrating novel protective measures beyond the typical perimeter or cloud-based security controls prevalent in today's security solution landscape.  

According to the Observer Research Foundation, "the future of cybersecurity is in silicon" — that is, silicon-based security for developing hardware-based security functions is crucial for turning the tide against the unrelenting spate of new and evolving cyber threats.

Hewlett Packard Enterprise (HPE) has taken the lead in this security approach with its groundbreaking Silicon Root of Trust firmware technology that enables its customers to protect, detect and recover from cyber attacks and digital compromises. In this article, we'll learn more about HPE's Silicon Root of Trust and how it delivers advanced levels of security and protection absent in traditional solutions.

What is HPE Silicon Root of Trust?

HPE Silicon Root of Trust integrates security directly into the hardware level of HPE servers—specifically, the embedded lights-out (iLO) chip that makes secure out-of-band management of HPE servers (e.g., remote controlling and monitoring) possible. Because this design effectively creates an immutable fingerprint in the silicon, security mechanisms based on Silicon Root of Trust offer unprecedented levels of protection against new firmware attacks and previously undetected firmware compromises.

Silicon Root of Trust now serves as a secure foundation for all HPE Gen10 servers, including the ProLiant, Apollo, Synergy and EdgeLine 8000 series, as well as HPE's line of hyper-converged systems.

How does HPE Silicon Root of Trust work?

As mentioned previously, Silicon Root of Trust allows only trusted firmware to be loaded onto the server. This entails anchoring the server's boot process in hardware so that it cannot be updated or modified (i.e., it is immutable). In turn, this enables the server to easily revert and recover to a known, secure state with the trusted firmware—no manual intervention required.

When HPE servers with Silicon Root of Trust are initiated, the iLO firmware performs a validation of the system's input/output (I/O) and locates the digital fingerprint embedded in silicon. This immutable, digital fingerprint then serves as the basis for verifying that all firmware code is correct and has not been manipulated or compromised. If validation fails (e.g., tampering has been detected), Silicon Root of Trust disables the server from powering on.

Silicon Root of Trust has proved highly effective in preventing cyber attackers from injecting malicious code, and when combined with a cryptographically secured signature, makes for a highly resilient and bulletproof layer of server protection. If a cyber attacker manages to introduce a virus, malware or malicious code into the server's firmware, Silicon Root of Trust detects the change and mismatch in the firmware configuration by comparing it to the silicon-embedded digital fingerprint. This in turn enables organizations to quickly recover server operations in the event of a cyber attack.

The benefits of HPE Silicon Root of Trust

Inside-out security

Traditional network, cloud and endpoint-based security measures have proven ineffective in mitigating cyber threats; in contrast, HPE Silicon Root of Trust goes layers deeper with its innovative "inside-out security" technology, enabling organizations to better protect, detect and recover from cyber attacks and security compromises.  

Automated, continuous protection

Silicon Root of Trust provides an automation so that firmware is checked daily.  

Firmware-based recovery

Cybersecurity professionals have long argued that when it comes to security compromises, it's not a matter of if but when. Organizations should therefore assume that breaches will eventually occur if they haven't already. Subsequently, systems should be primed for a quick rollback/recovery. With HPE Silicon Root of Trust, the last known state of safe firmware (or the original state) can be recovered using HPE iLo 5 advanced software or HPE OneView advanced software.

Part of HPE's security ecosystem

HPE Silicon Root of Trust is a foundational, silicon-level innovation that forms a crucial pillar of HPE's infrastructure security ecosystem. Other solutions such as Project Aurora, HPE GreenLake Security and HPE GreenLake for Data Protection round out the HPE portfolio's edge-to-cloud enterprise security offerings.

How World Wide Technology helps with HPE Silicon Root of Trust

With HPE Silicon Root of Trust, organizations can leverage firmware-level security for unparalleled infrastructure cyber protection and resilience. To learn more about Silicon Root of Trust and how HPE's security portfolio can help your organization maintain a strong security posture, contact a WWT expert or visit our labs today.