Figure 1.
Schematic diagram of the iLO processor
Management ROM
The Management ROM (flashROM) includes the iLO boot block and the iLO main firmware image.
The iLO boot block is responsible for the initial hardware and software setup, location and validation
of an executable image, and transfer of control to the executable image.
The iLO main image is digitally signed with an RSA
2
1024-bit private/public key pair. The firmware
image is signed with the private key known only to HP; the iLO boot block knows the public key. To
produce the signed firmware image, HP uses the following firmware build process:
1.
Compute an SHA 1 (Secure Hash Algorithm) hash over the entire image.
2.
Encrypt and sign the SHA1 hash with the RSA private key.
3.
Store the encrypted signature in the image header.
To validate and boot the signed firmware image, the iLO boot block searches memory for a viable
image that contains a recognizable header. If a viable image is found, the iLO boot block decrypts
the signed SHA1 hash using the RSA public key. The boot block then computes the SHA1 hash over
the entire image. If the two SHA1 hashes are equivalent, the image is valid and the boot block passes
control to the iLO main image to begin executing.
During the firmware flash process, an image is presented to the iLO firmware for potential flash into
the Management ROM. The flash routine analyzes the incoming data stream, looking for a viable
image. If iLO finds a viable image, it is flashed into the Management ROM at the next available
address. Normally, the first viable image found is the main image, and it is flashed into the area just
past the boot block. The flash process continues until no more viable images are detected in the
incoming data stream.
2
RSA is a public-key cryptosystem for both encryption and authentication. It was invented in 1977 by Ron Rivest,
Adi Shamir, and Leonard Adleman and is named for them.
6
