Hardware security¶
Industrial Edge hardware is produced by different vendors, including Siemens. These vendors can include different security measures, so it is possible to reach different security levels and achieve different use cases.
The security measures are explained in the respective manuals, for example the SIMATIC IPC Industrial Edge Device - Operation manual.
| Component | Purpose | Description |
|---|---|---|
| IntelĀ® Boot Guard | Protect BIOS | IntelĀ® Boot Guard provides hardware enforced boot controls and ensure that only authorized and unaltered BIOS code can be run on Edge Devices. |
| BIOS signature | Protect BIOS | The Edge Device BIOS is protected over the whole lifecycle through signatures. |
| Secure Boot | Verify boot artifacts | With Secure Boot, UEFI will only launch verified and unaltered Industrial Edge boot artifacts which are digitally signed by Siemens. |
| Crypto hardware | Disk encryption | Industrial Edge provides hardware modules to encrypt the storage. |
| Crypto hardware | Measured boot | The crypto hardware measures and supervises the boot chain. |
| Manufacturer device certificate | Hardware authenticity | The manufacturer device certificate provides a proof-of-origin of the Edge Device provisioned during the manufacturing process.* |
| Separate network interfaces | Separation of IT and OT networks | Industrial Edge hardware provides at least 2 separate physical network interfaces which may be used to segregate OT and IT networks. Network separation may be disabled by custom apps. |
| *planned | ||