As the “out-of-band management brain” of servers, the security of BMC chips is directly related to the safety of the entire server and even the data center. Therefore, data encryption and security measurement are among its primary functions, necessitating the inclusion of encryption and decryption modules in BMC chips. Recently, I conducted a brief study: Encryption algorithms can be categorized into symmetric encryption algorithms, asymmetric encryption algorithms, and hash algorithms. Symmetric encryption algorithms use a single key to perform both encryption and decryption operations, offering extremely high computational efficiency, allowing for rapid processing of large files or real-time data streams. This is a core method for ensuring data confidentiality. However, the key must be securely transmitted and kept confidential between communicating parties; once leaked, it can lead to encryption failure. Typical algorithms include AES, SM4, and ChaCha20, which are widely used in local data encryption and high-speed transmission scenarios. Asymmetric encryption algorithms use a key pair consisting of a public key and a private key. The public key can be shared openly, while the private key is kept secret by the holder. Its core feature is that “content encrypted with the public key can only be decrypted with the private key, and information signed with the private key can only be verified with the public key,” perfectly solving the key exchange problem of symmetric encryption. It is suitable for identity authentication and digital signatures but has higher computational complexity and lower efficiency. Representative algorithms include RSA, ECC, and SM2. Hash algorithms do not require a key and can transform input data of any length into a fixed-length digest, with the process being irreversible—meaning the original data cannot be inferred from the digest. Its key feature is the “avalanche effect,” where a small change in input results in a completely different digest. Therefore, it is mainly used for verifying data integrity, such as file checksums and password storage. Common algorithms include SHA-256 and SM3.In simple terms, symmetric encryption uses the same key for encryption and decryption, which is fast but difficult to share; asymmetric encryption uses a pair of public and private keys, which is easier to share but slower; hash algorithms are irreversible and compress data into a fixed fingerprint for verification.In practical applications, the three are often used in combination to form an efficient and secure encryption system. Encryption algorithms can also be divided into international algorithms and national secret algorithms: International algorithms are widely recognized and standardized cryptographic algorithm systems globally, characterized by strong compatibility and high standardization. Symmetric encryption is centered around AES (Advanced Encryption Standard), supporting 128/192/256-bit keys, with high computational efficiency and long-validated security, making it the mainstream symmetric algorithm used internationally. Asymmetric encryption commonly uses RSA and ECC (Elliptic Curve Cryptography): RSA is based on the difficulty of factoring large integers and supports digital signatures and key exchanges, being an early mainstream algorithm; ECC is based on elliptic curve mathematics, offering shorter keys and higher efficiency for the same level of security, with rapid growth in application in recent years. Hash algorithms are primarily based on the SHA series, such as SHA-256 (outputting a 256-bit digest) and SHA-3, used for data integrity verification and password hashing. National secret algorithms are a series of cryptographic algorithms independently developed in China, with standards set by the National Cryptography Administration. The symmetric encryption algorithm is represented by SM4, which uses a 128-bit key and is suitable for data encryption and communication confidentiality, with security comparable to AES. Asymmetric encryption is primarily based on SM2, which is based on elliptic curve cryptography and supports digital signatures and key exchanges, outperforming RSA in performance. The hash algorithm is centered around SM3, outputting a 256-bit digest for data integrity verification, often used in conjunction with SM2 to build a complete security system.
| Algorithm | Type | Status | International Algorithm Equivalent | Application Scenarios |
| SM1 | Symmetric Encryption | Not Public | AES | Smart IC cards, encryption cards, etc. |
| SM2 | Asymmetric Encryption (Elliptic Curve) | Public | RSA/ECC | Digital signatures, key exchanges |
| SM3 | Hash Encryption | Public | SHA-256 | Data integrity verification, digital signatures |
| SM4 | Symmetric Encryption | Public | AES |
Mobile payments, IoT communications, government data encryption |
| SM5 | Symmetric Encryption | Not Public | PRESENT |
RFID, sensor networks |
| SM6 | Asymmetric Encryption | Not Public | —— |
High-security government systems |
| SM7 | Symmetric Encryption | Not Public | DES | Access control systems, smart cards |
| SM8 | Symmetric Encryption | Not Public | IBE |
Key Management Systems (KMS) |
| SM9 | Asymmetric Encryption (Identity-based) | Public | IBE |
Vehicle networking, certificate-free encryption, cross-institution identity authentication |
| SM10 | Quantum-resistant Encryption | In Development | CRYSTALS – Dilithium |
Future communications under quantum computer threats |
| ZUCZu Chongzhi | Symmetric Encryption | Public | AES-ECB |
4G/5G communication encryption, IoT streaming data encryption |
As mentioned in the previous introduction to BMC chip hardware, a dedicated hardware encryption and decryption module is provided in the BMC, offering users rich encryption and decryption capabilities applicable in various scenarios: 1. Program security, such as secure boot and trusted measurement, ensuring that the firmware programs running on itself or other components are secure and reliable. 2. Communication security, such as remote control and account login, establishing an encrypted channel between the BMC and remote management clients, encrypting all transmitted instructions, data, video, etc., to prevent sensitive information (such as account passwords, operation commands, screen mirroring) from being intercepted or tampered with during network transmission. 3. Data security, such as monitoring data on hardware and stored logs, where the BMC can store information about components or FRUs, important information on the server motherboard, and data collected from hardware, all of which can be encrypted to ensure they are not obtained by third parties. With broader and deeper applications, the encryption and decryption module of the BMC can play an even greater role.Links to some articles from the public account:BMC Chip Security – Open Source Caliptra and OpentitanBMC Chip Functions – Fan ControlBMC Chips in AI ServersBMC Taiwan Aspeed AST1800BMC Taiwan Aspeed AST2700PECI InterfaceBMC Chips and RISC-VVideo Encoding of Server BMC ChipsLearning the ESPI InterfaceThree Functions of BMC ChipsHappy Chinese New Year 2025BMC Chip Manufacturers (I)BMC Software VendorsBMC Hardware (III)BMC Hardware (II)BMC Hardware (I)BMC Software (II)BMC Software (I)BMC Overview