1. Technical Field
The present disclosure relates in general to authentication of boot instructions of an information handling system (IHS) administration, and more particularly to authentication of a Basic Input/Output System (BIOS) of an IHS server having a host processor and a support processor.
2. Description of the Related Art
As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems (IHSes). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes, thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, IHSes may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSes allow for IHSes to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, IHSes may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Currently Basic Input/Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) boot up uses signed images to prevent hackers from loading malicious BIOS firmware. While this offers good protection for certain scenarios, it does not protect from a hacker replacing the BIOS Serial Peripheral Interface (SPI) flash contents (via physical tampering or Man-in-the-middle-attack scenarios) with a new one that contains a malicious BIOS image. Currently known approaches also do not protect against scenarios wherein a hacker or disgruntled employee compromise a signing key that is used for encrypting contents of BIOS firmware.