A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.