Secure Boot Application for Partners' BMC

In open BMC scenarios, or when partners customize solutions based on the Kunpeng server board, server partners develop their own BMC software. To extend the chain of trust from the hardware RoT in the BMC chip to the partner-developed BMC service firmware, the Kunpeng-included BMC provides a partner mode. In this mode, the digest of the partner's root CA is signed, propagating the chain of trust.

Partners provide their own public key certificates and implement signing for their self-developed firmware, so that the hardware RoT can be extended to their firmware and secure boot is enabled.

Figure 1 Chain of trust extension for partners' BMC secure boot