Security Features Descriptions
Silicon Root of Trust

Silicon Root of Trust (RoT) is a firmware technology that adds security and protection to the hardware level of a server. RoT starts a chain of trust that validates that the server is booted with legitimate firmware. Supermicro RoT is implemented according to NIST 800-193 specifications. Root of Trust (RoT) consists of secure boot, secure update, automatic recovery, and rollback prevention to build a trusted foundation.

Trusted Platform Module (TPM) 2.0

Trusted Platform Module (TPM) technology is designed to provide hardware-based security functions. TPM is a dedicated chip designed to secure hardware via cryptographic keys. Management software can leverage TPM to authenticate servers.

Cryptographically Signed Firmware

Supermicro signs the firmware image with a private key. This "signed firmware" guarantees that the firmware update has not been modified or corrupted. Supermicro uses RSA4K/SHA512 to sign its BMC, BIOS, and CPLD firmware.

Secure Boot

The server boot process is one of the most critical aspects of security. The secure boot process is designed to ensure that the server starts safely and securely by preventing unauthorized software from taking control at boot-up.

Secure Firmware Updates

Supermicro uses cryptographically signed firmware. All BMC, BIOS, and CPLD firmware updates happen securely via the BMC, which checks signatures and rollback IDs before updating the firmware.
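
The update check described above, sketched as an added example that is not Supermicro's code or image format. The package layout, the function names, the policy of rejecting any rollback ID lower than the stored one, and the small demo key are assumptions made for illustration.

```python
import hashlib

# DER DigestInfo prefix for SHA-512 (RFC 8017, section 9.2).
SHA512_DIGESTINFO = bytes.fromhex("3051300d060960864801650304020305000440")

# Constructed demo key from two Mersenne primes: trivially factorable and used
# only so the example runs offline. The page states real images use RSA4K.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-512(message), as an integer."""
    t = SHA512_DIGESTINFO + hashlib.sha512(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(message: bytes) -> int:
    """Vendor-side signing, present only to build the sample packages."""
    return pow(_encode(message), D, N)

def verify(message: bytes, sig: int) -> bool:
    """Rebuild the full padded block and compare, rather than parsing padding."""
    return 0 <= sig < N and pow(sig, E, N) == _encode(message)

def build(rollback_id: int, image: bytes):
    """Assumed layout: 4-byte big-endian rollback ID, then the image, all signed."""
    package = rollback_id.to_bytes(4, "big") + image
    return package, sign(package)

def accept_update(package: bytes, sig: int, stored_rollback_id: int):
    """Return (accepted, reason) for an update offered to the updater."""
    if len(package) < 4 or not verify(package, sig):
        return False, "bad signature"
    # The ID is read only after the signature covering it has been verified.
    if int.from_bytes(package[:4], "big") < stored_rollback_id:
        return False, "rollback rejected"
    return True, "ok"

if __name__ == "__main__":
    new_pkg, new_sig = build(7, b"constructed image v7")
    old_pkg, old_sig = build(5, b"constructed image v5")
    relabeled = (9).to_bytes(4, "big") + old_pkg[4:]  # old image, edited ID
    print(accept_update(new_pkg, new_sig, 7))    # current release
    print(accept_update(old_pkg, old_sig, 7))    # validly signed, but older
    print(accept_update(relabeled, old_sig, 7))  # ID changed after signing
```

The second case shows why the rollback ID matters: the older image carries a genuine vendor signature, so a signature check alone would accept it.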

Automatic Recovery

Supermicro’s RoT design reduces the downtime of servers with its secure recovery feature. RoT automatically recovers servers during the firmware boot process from corrupt images caused by malicious attacks, illegal or incomplete operations, and significantly. Supermicro provides 2 backup images for BIOS, CPLD, and BMC recovery, which reduces the probability of the server getting bricked. In case of suspicious activity or unexpected results in existing firmware, the user can manually initiate BIOS or BMC recovery from backup images.

Supply Chain Security: Remote Attestation

Open industry standards-based attestation delivers supply chain assurance from motherboard manufacturing to server production. Supermicro cryptographically attests the integrity of each component and firmware using signed certificates and secure device identity.

Supermicro trusted supply chain assurance lets customers verify that the identity of the Supermicro server they receive matches what Supermicro manufactured. IT administrators and security teams can confidently deploy servers in data centers after validating that the servers were manufactured by Supermicro and that unexpected modifications have not occurred during the journey from Supermicro to data centers.

Runtime BMC Protections

Runtime BMC protection is a security feature that continuously monitors threats and provides notification services. The key objective is to quickly monitor and detect security threats and thereby mitigate potential attacks. The BMC generates alerts and sends out notifications to users so they can take corrective actions.

System Lockdown

System Lockdown is a security feature that prevents all system configuration changes including firmware updates.
