Broadcom 96xx User Guide
Broadcom
®
96xx PCIe 4.0, 24G SAS MegaRAID
™
and eHBA Tri-Mode Storage Adapters
Adapter Security
The adapters provide two security features to protect your system from malicious activity:
•
Hardware secure boot – Permits only authenticated firmware to execute on the adapter
•
Device authentication – Enables another entity in the server to authenticate the adapter
The following sections provide details about each security feature.
Hardware Secure Boot
Hardware secure boot permits only authenticated firmware to execute on the adapter. The adapter boots from an internal
boot ROM, which establishes the initial root of trust (RoT). Hardware secure boot authenticates and builds a chain of trust
(CoT) with succeeding firmware images by using the RoT, meaning only authorized firmware executes on the adapter.
Figure 2: Authenticated Firmware Example
Hardware secure boot requires that each image be signed with a valid digital signature; otherwise, the image is
considered invalid and does not execute. The adapter ships with a valid signed firmware image. All Broadcom-supplied
firmware includes a valid digital signature; therefore, the hardware secure boot process is transparent unless the adapter
encounters a counterfeit image. If the adapter downloads a counterfeit image, the image authentication fails and the
download utility, such as StorCLI2, displays the appropriate failure messages. Contact Broadcom Technical Support for
assistance.
Device Authentication
Device authentication allows the adapter to prove its unique device identity to another entity in the server as part of
a platform attestation implementation. The adapter proves its unique device identity with a device ID certificate and a
challenge protocol.
Broadcom
96xx-MR-HBA-Tri-Mode-UG108
25
To Next Page
Loading...
Need help?
General
