Rambus and the OCP: Tackling Cloud Data Security with a Hardware Root of Trust

Founded in 2009, the Open Compute Project (OCP) is a collaborative community focused on redesigning hardware technology to efficiently support the growing demands on compute infrastructure. More recently, the OCP formed a security working group to tackle the formidable challenges of data security in the cloud, including the increasing sophistication of malicious actors. In conjunction with their tech week, today the OCP announced the version 1.0 Root of Trust (RoT) specification.

The OCP specification starts with the requirement that both the platform (the server being protected) and device must have a hardware RoT. Amongst its many responsibilities, the RoT verifying the device firmware at boot, maintains authenticity during updates, and recovers in the event of corruption. The OCP specification further specifies how a system should boot: each device/peripheral must first boot securely, using the RoT to ensure authenticity of its firmware. It must verify the firmware’s cryptographic signatures using a policy that is defined by the system owner for authorizing only valid firmware signers. Then, the platform RoT is responsible for requiring all devices in the system to attest – to prove in an irrefutable way that the firmware it is running is indeed what is expected. Once the platform RoT has booted the platform successfully, and has attested all devices, the platform is finally considered to be secured. Of note, the first release includes specifications for secure boot, peripheral attestation, and threat scope.

Click here to read more ...

×
Semiconductor IP