Hewlett Packard Enterprise (HPE) will be the first manufacturer to return to a white-box assembly. The company announced a new campaign to manufacture servers from US-made components. HPE will oversee supply chain security for US customers through the HPE Trusted Supply Chain initiative. The service is primarily intended for clients from the public sector, healthcare and financial services market participants.
HPE explains that, contrary to popular belief, security does not start from the moment you connect and operate the equipment, it starts from the assembly stage. Therefore, it is so important to track the supply chain, labeling and all other processes. Untested components may contain hardware and software backdoors.
HPE's Trusted Supply Chain initiative will enable government companies and the public sector to buy certified US servers.
The first product to meet all security criteria will be the HPE ProLiant DL380T Server. Not all of its components are made in the USA, but it is already possible to declare that the equipment belongs to the category "Country of Origin USA", and not just about American production, marked with the "Made-in-USA" label.
Distinctive features of the new HPE ProLiant DL380T server:
- Advanced security mode. The option is activated at the factory and allows you to increase the level of system protection against cyber attacks. The mode will require some authentication before logging into the server.
- Protection from the installation of an unsafe OS. UEFI Secure Boot is used to ensure that it works exclusively with the factory preinstalled operating system.
- Blocking server configurations. If you change the default settings, the system will notify you at boot time. The option prevents any intervention by third-party users.
- Intrusion detection. The function protects against physical interference. Server owners will receive a warning if someone tries to remove a server case or part of it. The option is active even when the server is off.
- . HPE , . .
The Covid-19 pandemic has exposed a number of problems in the logistics of electronic components and systems. In addition, the operational and business processes of many enterprises responsible for the production and supply of electronics were disrupted. HPE decided to expand the number of supply chains to avoid dependence on one company or country. And variety and flexibility in the supply chain is now a winning strategy for manufacturers around the world. Therefore, HPE produces the finished product in the same place where it expects to sell it - in the USA.
In Wisconsin, HPE has a site where personnel with special clearance work, and this is where it is planned to manufacture server equipment. Next year, they plan to develop a similar program for Europe, launching production in one of the EU countries.
HPE Trusted Supply Chain is not HPE's first cybersecurity initiative. The Silicon Root of Trust project was launched earlier. Its essence is a secure long-term digital signature, which makes it possible to ensure security in the iLO (Integrated Lights-Out) remote server management system . The server will not boot if firmware or drivers that do not match the digital signatures are found.
Most likely, HPE will be the first in a series of large companies returning to the "white assembly". Other companies began the process of transferring capacity from China , transferring assembly lines from China to Taiwan due to the trade war between the US and PRC.
