To ensure smooth Day One operation, it is highly recommended that your systems are verified using Supermicro’s system attestation process. System attestation enables you to authenticate the state of your Supermicro system, components, and firmware, and ensure that they match the state of when they left Supermicro’s premises. Attestation will detect any changes in the composition of your hardware and firmware through cryptographic signing, thereby guaranteeing the state of your server, while identifying and reporting any unauthorized changes.
Attestation is available for any Supermicro 13th generation systems. An Enterprise SFT-SDDC-SINGLE license is required to perform attestation. You may inquire about this license through your Supermicro sales representative.
Please follow these steps to attest your system:
- Run Supermicro Update Manager (SUM) to create a measurement file containing your current system configuration.
sum -i <BMC IP> -u <BMC_USER> -p <BMC_USER_PASSWORD> -c Attestation --dump --file <MEASUREMENT_FILE>
- Log in to the Attestation Portal
- Upload the measurement file obtained in step 1 to the Measurement Validation Server, which will compare the configuration to Supermicro’s reference manifest file.
- Download the verification report that compares the uploaded configuration with Supermicro’s reference manifest.
In addition to an interactive web interface, you may also use the Attestation RESTful API to automate the process using your own tooling.
The verification report includes:
- System components
- Firmware
- FRU
Below is the flow diagram that shows how the reference manifest file that is generated from the motherboard released by the contract manufacturer (CM) and compared to the measurement file that is produced by the customer.
See sample report below*