Hardware Root of Trust (Dell PowerProtect Data Domain DD9410 and DD9910)
The main goal of the hardware root of trust is to ensure that the lowest level of code (BIOS and iDRAC) is authentic and trusted, and that the chain of trust authentication can be established when the system is turned on. Hardware root of trust focuses on software protection. Because they are built on Dell PowerEdge servers, the new PowerProtect Data Domain models automatically inherit the hardware root of trust feature, which verifies and authorizes BIOS and iDRAC. It does not verify the other firmware (apart from BIOS and iDRAC) or the OS running on the hardware. To check the other firmware and the OS, the new DD models support UEFI (Unified Extensible Firmware Interface) secure boot and kernel secure boot, which provide greater protection and an extended chain of authentication.
The iDRAC domain covers the protection of firmware installation and of iDRAC itself. It is used to verify the signature of the Dell firmware update package, called a DUP. Each hardware component on the system has its firmware on the DUP and it is signed with a Dell key. When firmware is upgraded using the DUP, iDRAC checks the DUP's signature: if verification passes, iDRAC allows the package to be installed; if not, the installation fails. iDRAC also verifies its own code when it boots up.
When the system boots, BIOS firmware code is validated against the signature stored in a silicon chip by Dell in the factory. When the validation completes successfully, the rest of the BIOS modules are then validated through a chain of trust.
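The following added example (not Dell code) models the chain of trust described above: a fixed anchor checks the first BIOS code, and each verified stage carries the value used to check the next. It is a simplification that uses SHA-256 digests in place of the signature checks the platform performs; the stage names and image contents are hypothetical.

```python
# Added illustration: a simplified model of a boot-time chain of trust.
# SHA-256 digests stand in for the vendor's signature checks (assumption).
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Stage:
    name: str
    image: bytes
    next_expected: Optional[str]  # digest this stage expects of the next one


def measure(stage: Stage) -> str:
    # Cover both the code and the record used to check the next stage.
    return hashlib.sha256(stage.image + (stage.next_expected or "").encode()).hexdigest()


def build_chain(images: List[Tuple[str, bytes]]) -> Tuple[List[Stage], str]:
    """Link stages last to first; return them plus the anchor for stage 0."""
    stages: List[Stage] = []
    expected: Optional[str] = None
    for name, image in reversed(images):
        stage = Stage(name, image, expected)
        expected = measure(stage)
        stages.insert(0, stage)
    return stages, expected


def boot(anchor: str, stages: List[Stage]) -> Tuple[List[str], Optional[str]]:
    """Return (stages that were verified, name of the stage that failed or None)."""
    trusted: List[str] = []
    expected: Optional[str] = anchor
    for stage in stages:
        if expected is None or measure(stage) != expected:
            return trusted, stage.name  # halt: nothing later is trusted
        trusted.append(stage.name)
        expected = stage.next_expected
    return trusted, None


# Constructed sample images; names and contents are hypothetical.
IMAGES = [("BIOS initial code", b"bios-entry"), ("BIOS modules", b"bios-mods"),
          ("UEFI boot loader", b"loader"), ("OS kernel", b"kernel")]

if __name__ == "__main__":
    chain, anchor = build_chain(IMAGES)
    print(boot(anchor, chain))
    chain[2].image = b"loader-modified"  # change one stage after provisioning
    print(boot(anchor, chain))
```

Rewriting a stage's `next_expected` record to match a modified successor only moves the failure one stage earlier, which is why the first check has to rest on a value that cannot be rewritten, such as the one stored in silicon.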