POWER systems are known to provide a highly secure server platform. POWER9 hardware and firmware make substantial improvements to make it even more secure for cloud deployment with the addition of Secure Boot built on a host-processor-based chain of trust. Our previous blog addressed the concepts of Secure and Trusted Boot along with an overview of Secure Boot. Here we will dig a bit deeper into the host-processor-based chain of trust.

Host Processor Based Chain of Trust

POWER9 Secure Boot implements a host-processor-based chain of trust. The chain starts with an implicitly trusted component; every other component is authenticated and integrity checked before it is executed on the host processor cores. Verification code in the locked processor SEEPROM (Serial Electrically Erasable Programmable ROM) validates the initial firmware load. Firmware then verifies the cryptographic signatures of all subsequent "to be trusted" firmware that is loaded for execution on the POWER9 cores. On a POWER9 system, the SEEPROM Security Switches are set in Self-Boot Engine (SBE) code and locked down on the system manufacturing line to provide the basis for hardware enforcement of secure IPL flows. Secure IPL facilitates the further development of a trusted computing POWER platform.

Secure Boot Flow

A flow diagram illustrating the operations for a Secure Boot IPL is shown in Drawing 1 below. Secure Boot establishes the locked SEEPROM, SBE, and Hostboot Base code (including a portion of Hostboot Extended code) as the core root of trust for measurement (CRTM), with the chain of trust extended to include PHYP, PFW, selected adjunct partitions (pTPM, vTPM, Hostboot Runtime, and Encryption adjuncts) and the On Chip Controller (OCC, thermal management). Coupled with the processor hardware security support, this trust domain ensures that it is not feasible to silently display or alter customer data through any hardware or firmware mechanism.
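To make the chain-of-trust ordering concrete, here is a small added model of the flow described above (example code written for this post, not IBM firmware). It assumes a constructed verification key "locked" in the SEEPROM and uses HMAC-SHA256 as a stand-in for the real asymmetric signatures, so it runs offline; the stage names follow the boot flow, and the model shows that a tampered image stops the chain before that stage and everything after it can run.

```python
import hashlib
import hmac

# Stage order from the Secure Boot flow above. The CRTM stages are implicitly
# trusted (locked at manufacturing) and are not themselves verified by firmware.
CRTM = ("SEEPROM", "SBE", "Hostboot Base")
EXTENDED_CHAIN = ("Hostboot Extended", "PHYP", "PFW", "Hostboot Runtime", "OCC")

# Constructed stand-in for the verification key anchored in the locked SEEPROM.
# Real POWER9 images carry asymmetric signatures; HMAC is used only so this
# example needs no third-party crypto library.
SEEPROM_KEY = b"constructed-root-of-trust-key"


def sign(image: bytes, key: bytes = SEEPROM_KEY) -> bytes:
    """Stand-in for the manufacturer signing a firmware image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(image: bytes, sig: bytes, key: bytes = SEEPROM_KEY) -> bool:
    """Constant-time check that `sig` is a valid signature over `image`."""
    return hmac.compare_digest(sign(image, key), sig)


def secure_ipl(images: dict) -> tuple:
    """Walk the chain: each stage is verified before control is handed to it.

    `images` maps stage name -> (image_bytes, signature). Returns
    (stages_allowed_to_execute, stage_that_failed_or_None). The IPL halts at the
    first verification failure, so nothing later in the chain is executed.
    """
    executed = list(CRTM)  # implicitly trusted root; nothing checks these
    for stage in EXTENDED_CHAIN:
        image, sig = images[stage]
        if not verify(image, sig):
            return executed, stage  # halt: refuse to run unverified code
        executed.append(stage)
    return executed, None


def build_images(tamper: str = None) -> dict:
    """Constructed firmware images, each signed with the root key. If `tamper`
    names a stage, its image is modified after signing (simulated alteration)."""
    images = {}
    for stage in EXTENDED_CHAIN:
        image = f"{stage} firmware image (constructed)".encode()
        sig = sign(image)
        if stage == tamper:
            image += b"\x00"  # one byte changed post-signing
        images[stage] = (image, sig)
    return images
```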