Abstract

Tolly’s August 2025 Report #225142 documents May 2025 lab work in which 17th-generation Dell PowerEdge servers were equipped with Broadcom Emulex LPe38102 SecureHBAs running at 64 Gbits Fibre Channel. The study examined how the cards integrate with Dell’s new iDRAC 10 security processor and whether their hardware-based, “autonomous in-flight encryption” can safeguard data without degrading 64 GFC performance.

Security findings. iDRAC 10 blocked a deliberately unauthenticated firmware load and confirmed the HBA is SPDM-capable, providing silicon root-of-trust attestation on the PCIe bus. The adapter already meets NSA CNSA 1.0 guidance and is built for the upcoming CNSA 2.0 post-quantum algorithms. Its FC-SP-3 autonomous EDIF self-negotiates session keys to encrypt every frame, without host-side key management or switch dependencies. These capabilities align with Europe’s NIS2/DORA mandates and the U.S. zero-trust roadmap, which both call for stronger device attestation and cryptography by 2030.

Performance results. With encryption enabled, FIO micro-benchmarks still drove the HBA to more than 92% of theoretical 64 GFC bandwidth and surpassed its 10 million-IOPS specification on small-block workloads. In HammerDB Oracle 19c TPROC-C tests, back-to-back encrypted and unencrypted runs produced virtually identical transaction-per-minute and latency numbers, demonstrating that the security overhead is effectively negligible.