Release Notes
Table Of Contents
Dell EMC Root of Trust and BIOS live scanning
ID 501
2 Dell EMC Root of Trust and BIOS live scanning
2.1 Root of Trust
Dell EMC takes security seriously and has adopted Boot Guard technology on its new generation of
PowerEdge servers to counter BIOS tampering issues. On the latest Dell EMC PowerEdge servers with
iDRAC9, iDRAC first boots with chain of trust authentication, and then verifies BIOS integrity. iDRAC takes on
the role of hardware-based security technologies as well. For AMD, the iDRAC9 accesses the primary BIOS
ROM through SPI in addition to AMD fusion controller hub (FCH) and performs the RoT process. For Intel, the
iDRAC9 accesses the primary BIOS ROM through SPI and Intel Platform Controller Hub (PCH) and performs
the RoT process.
iDRAC9 directly accesses the BIOS primary ROM to perform a RoT operation on the processor, on both the
security block and the host initial BootBlock.
iDRAC
PCH Intel/ FCH AMD
ME (Intel
Only)
SPI MUX
BIOS
Primary
ROM
iDRAC accessing BIOS image ROM.
Under the following conditions, iDRAC9 recovers the BIOS.
1. BIOS integrity check failed.
2. BIOS self-check failed.