Hardware RoT

Huawei-developed Kunpeng processors and BMC chips provide a built-in hardware RoT. The root public key and root key are programmed into the hardware using eFuse, enabling security features such as secure boot and Device Identity Composition Engine (DICE). As the root of system trust, the hardware RoT ensures that critical operations, such as firmware verification and key generation, are trustworthy during system startup and runtime. It defends against physical attacks (such as chip tampering) and logical attacks (such as malicious code injection). The CPU's built-in hardware security module (HSM) provides multiple defense mechanisms, including protection against side-channel attacks, fault injection, and physical attacks, thereby establishing a trusted foundation for higher-level security mechanisms. The core boot firmware BSBC and BaseBIOS, together with the HSM and iBMC, have passed CC EAL4+/5+ high-level certification, providing a solid computing security foundation for customers.

In addition, Kunpeng servers are compatible with the standard TPM, enabling the trusted boot capability for customer services. iBMC supports the TCM, enabling trusted boot and measurement functions, to deliver end-to-end assurance of firmware and software security from system power-on through service operation.
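The following is an added illustrative model of the two mechanisms the text describes, DICE layered identity and measured boot, written for this page and not taken from Huawei's firmware or the Kunpeng/iBMC implementation. The DICE step uses the TCG DICE construction (CDI of the next layer = HMAC keyed by the current secret over the digest of the next layer's code, with the eFuse-held Unique Device Secret as the layer-0 parent); the measured-boot step uses the TPM PCR-extend rule (PCR = H(PCR || digest)). The UDS value and firmware image bytes are constructed sample data, and `verify_stage` models the secure-boot gate as a pinned digest check; a real implementation verifies an asymmetric signature against the eFuse-anchored root public key instead.

```python
import hashlib
import hmac

# Constructed sample values. A real Unique Device Secret lives in eFuse and is
# never readable by software; these bytes only make the example runnable.
UDS = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
FIRMWARE_L0 = b"constructed first-stage boot image v1"   # stands in for BSBC
FIRMWARE_L1 = b"constructed second-stage image v1"       # stands in for BaseBIOS


def measure(image: bytes) -> bytes:
    """Digest of a firmware image; both DICE and PCR measurement consume this."""
    return hashlib.sha256(image).digest()


def dice_cdi(parent_secret: bytes, next_image: bytes) -> bytes:
    """One DICE layer transition: CDI_{n+1} = HMAC(CDI_n, H(code of layer n+1)).

    Any change to the next layer's code changes its CDI, so keys derived from
    the CDI (and the device identity built on them) no longer match."""
    return hmac.new(parent_secret, measure(next_image), hashlib.sha256).digest()


def boot_chain_cdis(uds: bytes, images: list[bytes]) -> list[bytes]:
    """Derive the CDI of every layer in boot order, starting from the UDS."""
    secret = uds
    cdis = []
    for img in images:
        secret = dice_cdi(secret, img)
        cdis.append(secret)
    return cdis


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM/TCM PCR extend: PCR := H(PCR || digest). Order-dependent, append-only."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot_pcr(images: list[bytes]) -> bytes:
    """Extend a zeroed PCR with each stage's measurement in boot order."""
    pcr = bytes(32)
    for img in images:
        pcr = pcr_extend(pcr, measure(img))
    return pcr


def verify_stage(image: bytes, expected_digest: bytes) -> bool:
    """Secure-boot gate (simplified): run a stage only if its digest matches the
    value anchored by the root of trust. Constant-time compare avoids leaking
    how many bytes matched."""
    return hmac.compare_digest(measure(image), expected_digest)


if __name__ == "__main__":
    good = boot_chain_cdis(UDS, [FIRMWARE_L0, FIRMWARE_L1])
    tampered = boot_chain_cdis(UDS, [FIRMWARE_L0, FIRMWARE_L1 + b"\x90"])
    print("layer-0 CDI unchanged by layer-1 tampering:", good[0] == tampered[0])
    print("layer-1 CDI changed by layer-1 tampering:  ", good[1] != tampered[1])
    print("PCR (good chain):    ", measured_boot_pcr([FIRMWARE_L0, FIRMWARE_L1]).hex())
    print("PCR (tampered chain):", measured_boot_pcr([FIRMWARE_L0, FIRMWARE_L1 + b"\x90"]).hex())
    pinned = measure(FIRMWARE_L0)
    print("secure-boot gate accepts genuine stage:", verify_stage(FIRMWARE_L0, pinned))
    print("secure-boot gate rejects modified stage:", not verify_stage(FIRMWARE_L0 + b"\x90", pinned))
```

The two properties worth noticing are that DICE changes are confined to the tampered layer and everything after it, while the PCR value depends on every stage and on their order, which is what lets an attestation verifier (or iBMC, in the text's design) detect a modified stage anywhere in the chain.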