What security is present on the R720's BIOS?
. Some of our customers have some security concerns about the ability to secure and write to the BIOS and other firmware ( BMC, ipmi, device f/w) that is in the r720 systems. In the past this work has been done on machines where they have a dip switch to h/w protect the BIOS.
NIST has a draft spec out on BIOS security. It is NIST 8-147b. The idea is at some point being compliant with this spec. Are any methods that are discussed in the draft implemented. In particular:
1. What encryption is used for the BIOS password
2. What protection mechanisms are provided for in the BIOS to prevent writing to it (Checksums in BIOS, etc.)
3. How secure is the update mechanism? Does it have a trusted key provided with it.
4. Is then vendor of the BIOS looking at being compliant with NIST 800-147b
5. When a BIOS is corrupt do the automatically initiate a recovery to a known good BIOS
6. Does the design of the system and accompanying system components and firmware ensure that they are no mechanisms to install and execute unauthenticated BIOS code, except through physical interventation and secure local update mechanisms
7. Are there any back door users/passwords (used primarily by service personnel)