Eviden selected ProvenCore to secure the BullSequana SH supercomputing platform designed for mission-critical AI and HPC workloads. The Baseboard Management Controller (BMC) was identified as a critical root of trust and a highly exposed attack surface. By adopting the CC EAL7 certified ProvenCore, Eviden established a formally verified foundation to ensure platform integrity through a security-by-design approach.
BullSequana SH had to meet stringent security requirements while remaining flexible enough to operate across heterogeneous hardware and evolving ASPEED BMC generations. The platform needed to drastically reduce its Trusted Computing Base, enforce secure boot and update integrity at scale, support rollback protection and recovery, and maintain compatibility with OpenBMC without exposing critical security components to untrusted code paths.
Meeting these demands meant transitioning away from traditional hardening and toward a fully formal, certifiable architecture capable of guaranteeing correctness, resilience, and long-term maintainability.
Eviden selected ProvenCore to secure the BullSequana SH supercomputing platform, designed for mission-critical AI and HPC workloads. The Baseboard Management Controller (BMC) was identified as a critical root of trust and a highly exposed attack surface. By adopting the CC EAL7 certified ProvenCore, Eviden established a formally verified foundation to ensure platform integrity.
The collaboration produced significant, measurable security improvements across all BullSequana SH platform generations from 2024 to 2028. The system now enforces a verified secure‑boot chain, guarantees firmware integrity throughout its lifecycle, and protects all updates with signed authentication and anti‑rollback safeguards. The attack surface has been reduced substantially thanks to strict isolation of security‑critical elements, and the platform’s security posture is now fully aligned with sovereign‑grade regulatory requirements.
The same principles, minimal TCB, strong attestation, hardware‑anchored trust, and isolation of sensitive workloads, are foundational to the ProvenHSM model. They show how cloud providers can deliver sovereign‑grade confidential execution capabilities without relying on VM‑based trust boundaries or provider‑controlled attestation services.
The BullSequana SH case validates the core idea behind ProvenHSM: a standalone, certifiable, independent execution environment unlocks a new class of high‑assurance cloud services.
USE CASES