ALTELL Secure BIOS: UEFI BIOS Security.
ALTELL Secure BIOS is an advanced firmware system designed as a building block of a trusted computing environment. It has been developed based on NIST reccomendations for secure BIOS systems, with a focus on advanced security and manageability. It provides platform security from the time of power-on:
Guarantees platform level attestation;
Trusted network connections;
Software consistency check.
Structure of ALTELL Secure BIOS
ALTELL Secure BIOS consists of:
Management modules (provide support for integration with MS SCCM)
Security modules (user authentication, TPM support, AV, etc.)
Connectivity modules (network stack – wired/wireless connectivity options.
Industry standards compliance
ALTELL Secure BIOS addresses security and manageability of all three devices profile classes commonly found on distributed networks::
ALTELL Secure BIOS adheres to industry standards and guidelines:
ALTELL Secure BIOS is compliant with
UEFI 2.3.1 specs and EDK 2 (modules based on these specifications)
Trusted Computing Group (TCG), Intel® Intelligent Systems Framework, and NIST BIOS Protection Guidelines (August 2012 revision)
Supported hardware includes Intel Architecture Processor Family (Xeon/Core/Atom), Intel chipsets and virtualization technologies (VT), TPM, Intel Management Engine, etc.
Various operating systems are supported: Windows XP/7/8, Microsoft Server 2008, Linux.
Integrity control of software and hardware;
Secure BIOS update mechanism;
Secure BIOS update support;
Role-based user authentication;
Smart card / USB token drivers included in BIOS;
Support for X.509 certificates;
OpenSSL library embedded in BIOS;
PKCS #11, PKCS #15 modules integrated in BIOS;
File system objects integrity check;
Hardware consistency check;
Centralized management console;
Network based user authentication (LDAP/AD);
Intel AMT support;
Remote antivirus scan support with Kaspersky AV;
Embedded network stack;
Unicode support for localization;
Microsoft SCCM support;
IPMI 2.0 support;
In/Out-of-band management capabilities that give administrators robust control of the platform regardless of the operating system power state.
Supported Connectivity Options
Wired: Chipset & NIC LAN - full network stack (incl. IPv6 support) integrated;
Wireless: WiFi 802.11 b/g/n;
Mobile: 3G/4G - in development.