Building flashless servers with Open Source Firmware for higher security and better flexibility

Day 1 | 11:50 | 00:20 | UB4.136 | Jean-Marie Verdun



In this talk we will cover a new proposal to design and distribute open source firmware in the datacenter world by relying on secure boot from a single component (the BMC) and extensive attestation from the remaining parts of a server. The BMC will start from a network boot and load all required firmware (from PCIe endpoints to microcontrollers) from a trusted source before starting the target. This approach is currently implemented on HPE Gen11 servers, which support Open Source Firmware. Our goal is to enhance security by decoupling the firmware and hardware supply chains and allowing an easier update process.