ALTELL Secure BIOS: UEFI BIOS Security.

Overview
ALTELL Secure BIOS is an advanced firmware system designed as a building block of a trusted computing environment. It has been developed based on NIST reccomendations for secure BIOS systems, with a focus on advanced security and manageability. It provides platform security from the time of power-on:
  • Guarantees platform level attestation;
  • Trusted network connections;
  • Software consistency check.
  • Structure of ALTELL Secure BIOS
    ALTELL Secure BIOS consists of:
  • Management modules (provide support for integration with MS SCCM)
  • Security modules (user authentication, TPM support, AV, etc.)
  • Connectivity modules (network stack – wired/wireless connectivity options.
  • Industry standards compliance
    ALTELL Secure BIOS addresses security and manageability of all three devices profile classes commonly found on distributed networks::
  • Private Cloud
  • Client
  • Gateway

  • ALTELL Secure BIOS adheres to industry standards and guidelines:
  • ALTELL Secure BIOS is compliant with UEFI 2.3.1 specs and EDK 2 (modules based on these specifications)
  • Trusted Computing Group (TCG), Intel® Intelligent Systems Framework, and NIST BIOS Protection Guidelines (August 2012 revision)

  • Supported hardware includes Intel Architecture Processor Family (Xeon/Core/Atom), Intel chipsets and virtualization technologies (VT), TPM, Intel Management Engine, etc.

    Various operating systems are supported: Windows XP/7/8, Microsoft Server 2008, Linux.

    Security features
  • Integrity control of software and hardware;
  • Secure BIOS update mechanism;
  • Secure BIOS update support;
  • Role-based user authentication;
  • Smart card / USB token drivers included in BIOS;
  • Support for X.509 certificates;
  • OpenSSL library embedded in BIOS;
  • PKCS #11, PKCS #15 modules integrated in BIOS;
  • File system objects integrity check;
  • Hardware consistency check;
  • TPM support;
  • Manageability features
  • Centralized management console;
  • Network based user authentication (LDAP/AD);
  • Built-in hypervisor;
  • Event logging;
  • Intel AMT support;
  • Remote antivirus scan support with Kaspersky AV;
  • Embedded network stack;
  • Unicode support for localization;
  • Microsoft SCCM support;
  • IPMI 2.0 support;
  • In/Out-of-band management capabilities that give administrators robust control of the platform regardless of the operating system power state.
  • Supported Connectivity Options
  • Wired: Chipset & NIC LAN - full network stack (incl. IPv6 support) integrated;
  • Wireless: WiFi 802.11 b/g/n;
  • Mobile: 3G/4G - in development.