AEWIN is launching the Trust Secure Boot module, the OT004, for increased BIOS firmware resilience to guard against firmware tampering or data corruption. This is part of AEWIN’s push for a hardware system root of trust for our network computing systems, and is the first link in the chain. We have leveraged our experiences from gaming system ODM, where there are strict regulations regarding tamper resistance, as well as experiences from specialized sectors where the vendor has requested firmware hardening.
OT004 is a self-contained module and isolated from rest of the system to reduce possible attack surfaces. The on-board logics identify and authenticate firmwares inside the system. The actions after detection of anomaly is programmable. The default is sound the buzzer alarm and hold the boot up sequence, then requiring user interaction to correct the firmware and continue the boot process. The module can be programmed to provide automated firmware recovery if desired.
Another critical part of firmware restoration is ensuring there is a pristine golden image as reference. Extra attention was put into ensuring the integrity of the golden image on-board. To prevent tampering of the golden image, updating the image requires a dedicated hardware key along with password. The addition of a hardware key raises another hurdle for potential malicious actors. An added benefit is that is also prevent tampering by physical access, unless they are able to access the physical hardware key.
OT004 support is being integrated into many of our products in development. The first wave of the systems supporting the OT004 Trusted Secure Boot module has already been announced. SCB-1826 and SCB-1833 are the first systems to support this module. OT004 can be added to these systems protect the BIOS. Please talk to our friendly sales about integrating firmware security into your next AEWIN devices.
- Trusted Secure Boot Module
- TSB pin header
- Support Intel® Comet Lake Series Processor, LGA1200
- 2-channel DDR4 ECC 2933MHz Memory, max support 128GB
- Support TPM/trust secure boot (BIOS recovery) & IPMI with Dying Gasp feature
- Support 3rd generation AMD® Ryzen™ processors
- Support 2x PCIe Gen4 Expansion Modules which support 128Gb bandwidth and 2x PCIe Gen3 Expansion Modules
- Support TPM/trust secure boot (BIOS recovery) & IPMI with Dying Gasp feature