OpenPOWER secure and trusted boot, Part 2: Protecting system firmware with OpenPOWER secure boot

Protection of system firmware against malicious attack is paramount to server
security. If an attacker is able to inject malicious code at the firmware level, no security
measure at the operating system level can fully guarantee the trust of the system. IBM
OpenPOWER servers support secure boot of system firmware to ensure the system boots only
authorized firmware. When the system boots, each firmware component is verified against a
cryptographic signature and integrity-checked against a secure hash of the component. If any
check fails, secure boot prevents the system from booting until the problem is


Leave a Reply