Home > Storage > PowerMax and VMAX > Data Protection > Dell PowerMax Cybersecurity > Secure Boot and Measured Boot
Secure Boot represents an industry-wide standard for security in the preboot environment. Computer system vendors, expansion card vendors, and operating system providers collaborate on the specification to promote interoperability. Secure Boot is the process of verification that the image to be booted is exactly the image that is expected. It is used during Hardware Root of Trust, firmware load, and firmware upgrade. Secure Boot also extends through all the various images that need to be booted all the way, through the execution of the operating system image, such as bootloaders, to firmware to Initial BIOS to UEFI.
PowerMaxOS for PowerMax 2500/8500 supports industry standard UEFI Secure Boot, which checks the cryptographic signatures of UEFI drivers, kernels and other code loaded prior to the operating system running. UEFI Secure Boot prevents unsigned (untrusted) UEFI device drivers or operating system kernels from being loaded, displays error messages, and does not allow the device to function.
Measured Boot is the process of storing hash values used for authentication during a Secure Boot sequence. Values are stored in the boot log within a Trusted Computing Group (TCG)-defined trusted platform module (TPM), public keys, and the various signatures. The TPM values can be used through a token process by an upstream operating system or applications to validate the expected execution of a Secure Boot process.
PowerMaxOS for PowerMax 2500/8500 supports two versions of TPM:
The TPM can be used to perform public key cryptographic functions and compute hash functions, and can generate, manage, and securely store keys.