
Leveraging an Internet-Connected VM for Anyware Trust Center

The Anyware Trust Center is a critical component of HP Anyware's secure hardware and software lifecycle management system. As part of the Anyware Trust Center install, upgrade, and firmware update processes, the Trust Center incorporates an internet-connected virtual machine (VM).

This architectural choice is not incidental; it is a direct implementation of the Zero Trust Architecture (ZTA) model adopted by the Anyware Trust Center.

Role of the Internet-connected VM

The use of an internet-connected VM in the Anyware Trust Center is a security-first design decision rooted in Zero Trust Architecture. It enables dynamic verification of firmware integrity, ensures adherence to cryptographic policy, and bridges the gap between cloud-based Zero Trust services and offline environments — making it a cornerstone of HP Anyware's trusted device and software supply chain lifecycle.

The internet-connected VM serves as a controlled interface for:

  • Building install and upgrade payloads
  • Pulling cryptographic metadata and digital signatures from HP's trust services
  • Maintaining a secure software supply chain

Before any install or upgrade can be approved for deployment, the internet-connected VM verifies the authenticity and integrity of all software payloads, in alignment with the Anyware Zero Trust principles.

Alignment with Zero Trust Architecture (ZTA)

As outlined in the Trust Center ZTA documentation, Zero Trust is based on the premise: Never trust, always verify. The internet-connected VM is essential for enforcing several tenets of this architecture:

Continuous Verification

The VM enables dynamic, cloud-based verification of:

  • Firmware signing chains
  • Valid certificate chains and global factory revocation statuses (e.g., OCSP, CRLs)
  • Real-time policy decisions (e.g., approval of firmware versions or rollback restrictions)

Least-privilege Access and Strong Authentication

All upgrade operations initiated via the Anyware Trust Center must pass through rigorous access control checks, many of which depend on initial cloud-based trust brokers and identity services. The VM mediates these calls securely using short-lived customer-unique tokens issued by HP's Cyber systems.

Device and Payload Integrity Assurance

Firmware payloads are never blindly accepted or distributed. Instead, the internet-connected VM fetches and verifies all relevant integrity metadata, such as:

  • Secure hashes from origin servers
  • Time-stamped attestations
  • Update manifests signed with HP’s root of trust

This guarantees that the payload has not been altered in transit or post-build. The VM then generates a new trust chain, used between the internet-connected VM and the Darksite-deployed Trust Center, to extend the supply chain verification and guarantee the integrity of payload transfers to the Darksite.
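The verify-then-rewrap flow described above, as an added example that is not HP code and assumes a hypothetical JSON manifest format: the origin-signed manifest and per-file SHA-256 hashes are checked, a rollback restriction is enforced, and only then is a transit manifest issued under the key shared with the Darksite Trust Center. HMAC-SHA256 under constructed keys stands in for the asymmetric signatures the page describes, because the Python standard library has no signing primitive; the shape of the checks is unchanged.

```python
import hashlib
import hmac
import json

# Constructed keys (hypothetical): ORIGIN_KEY models HP's signing key; TRANSIT_KEY is the
# key shared between the internet-connected VM and the Darksite Trust Center.
ORIGIN_KEY = b"constructed-origin-key"
TRANSIT_KEY = b"constructed-transit-key"

def canonical(manifest: dict) -> bytes:
    """Stable encoding of the signed fields (everything except 'sig')."""
    body = {k: v for k, v in manifest.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(manifest: dict, key: bytes) -> dict:
    signed = dict(manifest)
    signed["sig"] = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return signed

def verify_update(manifest: dict, payloads: dict, min_version: int) -> list:
    """Return the list of failures; an empty list means the update may be staged."""
    expected = hmac.new(ORIGIN_KEY, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("sig", "")):
        return ["manifest signature invalid"]  # nothing else in it can be trusted
    failures = []
    if manifest["version"] < min_version:  # rollback restriction policy
        failures.append(f"rollback to {manifest['version']} blocked (min {min_version})")
    for name, digest in manifest["hashes"].items():
        data = payloads.get(name)
        if data is None:
            failures.append(f"{name}: listed in manifest but not delivered")
        elif hashlib.sha256(data).hexdigest() != digest:
            failures.append(f"{name}: hash mismatch")
    for name in sorted(set(payloads) - set(manifest["hashes"])):
        failures.append(f"{name}: delivered but not in manifest")
    return failures

def stage_for_darksite(manifest: dict, payloads: dict, min_version: int) -> dict:
    """Verify against the origin chain, then issue a transit manifest under the new one."""
    failures = verify_update(manifest, payloads, min_version)
    if failures:
        raise ValueError("; ".join(failures))
    transit = {"version": manifest["version"], "hashes": manifest["hashes"],
               "origin_sig": manifest["sig"]}  # origin chain stays verifiable offline
    return sign(transit, TRANSIT_KEY)

# Constructed sample update: two payloads and an origin-signed manifest over their hashes.
PAYLOADS = {"zc-firmware.bin": b"\x7fELF constructed image", "policy.json": b'{"policy":1}'}
MANIFEST = sign({"version": 42, "hashes": {n: hashlib.sha256(d).hexdigest()
                                           for n, d in PAYLOADS.items()}}, ORIGIN_KEY)
```

A real deployment would replace the HMAC calls with certificate-chain signature verification (including the OCSP/CRL checks the page lists) and keep the transit key on the VM only.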

Darksite Preparation Workflow

Once trust is established via the internet-connected VM, Trust Center packages and firmware payloads with their associated metadata can be securely transported to offline environments, with confidence that:

  • The payload is verified and intact and did indeed come from HP's distribution systems
  • The offline site is not being exposed to untrusted or tampered code
  • Trusted Zero Clients deployed on the Darksite came from trusted factories and manufacturers

This approach balances operational security for Darksites with the flexibility of modern, cloud-enabled Zero Trust verification workflows.

Important

We recommend keeping the internet-connected VM available for future use. It can safely be powered off, or a snapshot of its disk taken, until it is required again. Reusing the VM will allow smoother upgrades and certificate renewals in the future.