Hewlett Packard Enterprise (HPE) announced a new supply chain security system for US public sector customers who, for one reason or another, choose to buy products made in the United States. The entire server hardware supply chain is secured through strict adherence to US industry standards, which reduces risks to public sector institutions. The new initiative is named HPE Trusted Supply Chain.
Several years ago, HPE introduced Silicon Root of Trust, a feature that provides security directly to iLO and creates an immutable digital signature. If the firmware or driver kit for the server does not match this digital signature, the server will not boot and configuration changes will not be accepted. HPE does not limit this approach to servers; it also offers a similar system for network security in solutions from Aruba.
However, there are some problems with the autonomy of the supply chain: the COVID-19 pandemic has caused a massive disruption in the production of many electronic components for servers. Another problem is the increasing frequency of microchip hacking to steal information from various devices. HPE solves both problems by building the finished product in the country where it is sold. In the United States, there is increased demand for secure, domestically made products, especially among customers in the federal, government, and financial sectors and in healthcare organizations.
HPE has its own manufacturing site in Wisconsin with qualified personnel. Since the entire production process is under control, the likelihood of a security breach is very low. HPE is also ready to deliver and install new servers in the customer’s data center.
The first product to go through this entire process is the HPE ProLiant DL380T Server. Not all server components are made directly in the USA, but those of local origin are already enough to officially declare the American origin of the equipment (Country of Origin USA), and not just American production (Made in USA).
HPE goes beyond the manufacturing process by extending enhanced security throughout the product lifecycle:
- Preventing a compromised operating system from loading by activating UEFI Secure Boot;
- Preventing tampering with firmware and server hardware by locking the server configuration to check for unauthorized addition of options (network adapters, disks);
- Enabling enhanced security mode with mandatory user authentication;
- Alerting customers through built-in tools if the server was compromised while it was moving through the supply chain, even if the power was turned off.
HPE is not satisfied with what has already been achieved and plans to introduce a similar program for Europe next year. It looks like the “white build” is back. However, this process did not begin today – last year, large contract server manufacturers that served large American and European customers began to transfer production lines from mainland China to Taiwan and Mexico. HPE has only brought the matter to its logical conclusion.