Skip to content
Security
/
iLO and the SPDM

iLO and the Security Protocol and Data Model (SPDM)

NOTE

The Security Protocol and Data Model (SPDM) has been implemented in iLO 6 version 1.10 and later. Previous versions of HPE iLO don't implement this standard.

The Security Protocol and Data Model (SPDM) enables zero trust between the server management controller and option cards. It uses the DMTF standard specification to verify and authenticate option cads.

SPDM provides message exchange between the management controller and internal server components, sequence diagrams, message formats, and other relevant semantics for authentication and measurements of components and options cards.

Redfish defines the Component Integrity service which allows redfish clients to view SPDM details. In HPE iLO 6 version 1.10 and later, the ComponentIntegrityCollection URI is at /redfish/v1/ComponentIntegrity/.

HPE iLO uses SPDM to authenticate and verify the integrity of the following component types within HPE servers:

  • PCIe Option Cards (PCIe, OCP, Mezz slots)
  • NVMe Drives attached directly to CPU

The authentication results are reported through:

  • Integrate Management Log (IML)
  • Security Log (SL)
  • Redfish Alerts
  • SNMP traps
  • iLO GUI (System Information-->Device Inventory)
  • Redfish API (see next paragraph)

You can control the SPDM functionality through the iLO GUI (Security-->Access Settings-->iLO) and the Redfish API of the following resources:

Refer the HPE iLO 6 1.10 (or later) User Guide for detail on accessing the above resources via the iLO Graphical User Interface.

Global Component Integrity property

The GlobalComponentIntegrity from the HpeSecurityService resource defaults to disabled as not all components are expected to support SPDM. If you enable GlobalComponentIntegrity, HPE iLO authenticates all applicable components in the server using SPDM. Every applicable component will be reported to the security logs as verified successfully or verified unsuccessfully.

NOTE
  • When GlobalComponentIntegrity is set to Disabled the ComponentIntegrityCollection contains 0 members.
  • When GlobalComponentIntegrity is set to Enabled, the ComponentIntegrityCollection contains a member for each applicable component (i.e. PCI slots, NVMe, etc).

Components which verified unsuccessfully contain additional details explaining why (such as unsupported, missing root CA, unsupported algorithm, etc). Any component type that is non-authentic or unsupported changes the OverallSecurityStatus to Risk (property of the HpeiLOSecurityDashboard data type .

Examples

The following example retrieves the GlobalComponentIntegrity and the ComponentIntegrityPolicy properties. The response body shows respective values as Enabled and HaltBootOnSPDMFailure.

GET /redfish/v1/Managers/1/SecurityService/?$select=GlobalComponentIntegrity,
ComponentIntegrityPolicy

A system with the GlobalComponentIntegrity enabled and the ComponentIntegrityPolicy set to HaltBootOnSPDMFailure returns a ComponentIntegrity collection similar to one in the following example.

GET /redfish/v1/ComponentIntegrity/

Component Integrity Policy

The ComponentIntegrityPolicy property, part of the HpeSecurityService resource , controls the system boot policy based on the SPDM authentication results of the devices in the server. The two policies are:

  • HaltBootOnSPDMFailure: Select this option to halt the system boot during SPDM Authentication failure.
  • NoPolicy: Select this option to boot the system in normal mode.

Component Integrity Policy Examples

The following example changes the ComponentIntegrityPolicy property to HaltBootOnSPDMFailure.

NOTE

A system reset is required to fully validate the modification.

PATCH /redfish/v1/Managers/1/SecurityService/

The following example retrieves the collection of SPDM capable devices.

GET /redfish/v1/ComponentIntegrity/

The following example retrieves the details of a storage controller successfully verified by the SPDM protocol.

NOTE

The response body contains a hash (measurement) of the four subcomponents of this device.

GET /redfish/v1/ComponentIntegrity/0/
TIP

You can map the component URI (i.e. /redfish/v1/ComponentIntegrity/0) with its device URI using the TargetComponentURI (i.e. /redfish/v1/Systems/1/Storage/DE040000 )

Fetching component integrity measurements

HPE iLO 6 and later supports fetching component integrity measurements from devices, including the embedded Trusted Platform Module (TPM) and the operating system. This operation can be performed regularly by Redfish clients to verify the integrity of the components of a system.

A component integrity measurement is a technique to ensure the component of a system has not been altered before its use or during run time.The verification of the integrity Trusted Platform Modules (TPMs) is explained in the following paragraph.

The fetch of such measurements is performed by POSTing an action to a location specified in the Actions Redfish object of the members of the ComponentIntegrity collection.

The following example fetches the component integrity measurements of the storage controller used in the previous example. The optional Nonce parameter is not provided in this example.

Tip

The SignedMeasurements value in the body response of the next example, corresponds to the concatenation of the four measurements mentioned in the previous example.

POST /redfish/v1/ComponentIntegrity/0/Actions/
ComponentIntegrity.SPDMGetSignedMeasurements/

The following example specifies a valid 64 hexadecimal digits Nonce parameter in the body of the action POST request.

POST /redfish/v1/ComponentIntegrity/0/Actions/
ComponentIntegrity.SPDMGetSignedMeasurements/

The following example specifies an invalid Nonce parameter with 32 characters in the body of the POST action to retrieve the measurements.

TIP

The Nonce property is an hexadecimal encoded set of bytes (^[0-9a-fA-F]{64}$). As such, 64 characters are needed to obtain a 32 byte string. Providing less characters (i.e. 32) triggers the error returned in the next example.

POST /redfish/v1/ComponentIntegrity/0/Actions/
ComponentIntegrity.SPDMGetSignedMeasurements/

Fetching TPM measurements

HPE iLO represents a TPM with two members (TPM-0, TPM-1) in the ComponentIntegrityCollection.

TPM-0 contains the Operating System Platform Component Registers (PCRs) also called measurements. Each PCR corresponds to an Operating System component. TPM-1 contains iLO firmware PCRs.

The following prerequisites must be satisfied to retrieve TPM-0 (OS) and TPM-1 (iLO) PCRs:

  • An Operating System (OS) must be installed on the server. No specific action required in the OS configuration.
  • BIOS firmware needs to support TPM measurements. For information on "Configuring Trusted Platform Module (TPM) options", refer to UEFI System Utilities User Guide for HPE ProLiant Gen11 Servers, and HPE Synergy.
    • TPM Visibility must be set to Visible (TpmVisibility Bios attribute)
    • TPM UEFI Option ROM Measurement must be set to Enabled (TpmUefiOpromMeasuring Bios attribute)
    • Current TPM State must be set to Present and Enabled (TpmState Bios attribute).
    • In the Current TPM 2.0 Active PCRs field select SHA256 and SHA384 (TpmActivePcrs Bios attribute).
NOTE

Inability to meet any of the above prerequisites results in the error message HashAlgNotSupported

The following example retrieves the required Bios attribute values. Refer to this section to modify a BIOS Redfish attribute.

ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest get TpmState TpmActivePcrs TpmUefiOpromMeasuring TpmVisibility  --json
ilorest

The following example retrieves the properties of the TPM-0 (OS) component, including each PCR measurements.

GET /redfish/v1/ComponentIntegrity/TPM-0

The following example retrieves the properties of the TPM-1 (iLO firmware) component, including each PCR measurements.

GET redfish/v1/ComponentIntegrity/TPM-1

The following example fetches the PCR measurements from the TPM-1 component member. The payload of this request is described in the following table:

PropertyTypeDescription
PCRSelectionstringIndicates the targeted PCR. Mandatory parameter with possible values: PCR0 or PCR8
NoncestringA set of bytes as a hex-encoded string that is signed with the measurements. Length of the Nonce should be between 1 and 32 characters and is an optional parameter.
NOTE

HPE iLO uses the provided nonce to sign the PCR. If the nonce value is not provided, HPE iLO creates the nonce internally.

POST /redfish/v1/ComponentIntegrity/TPM-1/Actions/
ComponentIntegrity.TPMGetSignedMeasurements

Same example using iLOrest:

cat GetTPM-1-Measurements.json
    {
        "/redfish/v1/ComponentIntegrity/TPM-1/Actions/ComponentIntegrity.TPMGetSignedMeasurements": {
            "PCRSelection": "PCR0",
            "Nonce": "0123456789abcdef0123456789abcdef"
    }


ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest rawpost --silent --response GetTPM-1-Measurements.json | jq
ilorest logout
Previous page
Next page