At HPE Discover in Las Vegas, Scott Sheffer, VP and Chief Technologist for Compute at HPE, sits down with Techzine TV to discuss one of the most critical, and often overlooked, layers of server security: iLO, HPE’s integrated management controller. Whats people used to call IPMI. From firmware integrity to cloud-based observability, iLO is the backbone of HPE ProLiant, Synergy, Edgeline, and Superdome server management.
Scott explains how HPE’s Silicon Root of Trust, introduced in Gen10 servers, ensures that only authentic HPE firmware can ever load on iLO, by embedding a cryptographic hash directly into the ASIC during manufacturing. He also breaks down best practices for network segmentation, explaining why most enterprise customers opt for a physically isolated management network rather than shared production infrastructure.
The conversation then moves into cutting-edge territory: post-quantum cryptography. HPE’s Gen12 servers now include quantum-resistant algorithms, LMS and MLDSA, built into iLO, addressing the “save now, decrypt later” threat that already concerns governments and financial institutions. Scott also addresses the long-term roadmap for the iLO ASIC, explaining how HPE plans to continue advancing hardware and firmware to stay ahead of emerging threats.
🔑 Key takeaways:
• iLO is built into every HPE ProLiant, Synergy, Edgeline, and Superdome server
• Silicon Root of Trust embeds a cryptographic hash into the ASIC during manufacturing, preventing unauthorized firmware from loading
• Most enterprises use a physically isolated management network for iLO traffic
• HPE Compute Ops Manager provides cloud-based visibility, firmware updates, and a security posture dashboard across thousands of servers
• Gen12 servers support post-quantum cryptography via LMS (firmware boot layer) and MLDSA (upper firmware protection)
• The US government requires quantum-resistant systems for all purchases starting in 2027
• NIST has defined the required post-quantum algorithms
• HPE will continue advancing the iLO ASIC to protect against future, unknown threats
⏱ Chapters:
0:00 Introduction
0:31 What is iLO? HPE’s built-in server management
1:43 Silicon Root of Trust: securing iLO firmware
2:36 Network access options and physical isolation
4:13 Cloud management with Compute Ops Manager
4:49 Security dashboard and remote remediation
5:25 Post-quantum cryptography in Gen12 servers
7:13 LMS and MLDSA: the new quantum-resistant algorithms
8:24 ASIC roadmap and future-proofing server security
🔎 Keywords: HPE iLO, server security, Silicon Root of Trust, post-quantum cryptography, HPE Gen12, Compute Ops Manager, quantum resistant, LMS, MLDSA, HPE ProLiant, HPE Discover, firmware security, management network, NIST, iLO ASIC