Securing Hardware and Firmware Supply Chains
In the modern cloud data center, ensuring the authenticity, integrity, and security of hardware and firmware is paramount. Firmware is the lowest level software that runs on every chip in a server, e.g., CPU, GPU, storage controller. Since firmware provides programming interfaces that higher-level software builds upon, one could think of the hardware as bedrock and the firmware as the foundation upon which the rest of the stack is built.
Microsoft works with industry partners through the Open Compute Project (OCP) to define open hardware and firmware specifications that benefit the entire industry. One recent example, Caliptra, provides an open and transparent implementation of a Root of Trust for any ASIC. The Caliptra Root of Trust provides an unforgeable unique identity for each device, as well as a way to validate the authenticity of all the firmware running on the device. As industry partners start to deliver products with Caliptra as the root of trust next year, their customers will have increased confidence in the security and trustworthiness of the hardware they deploy.
With the Caliptra effort well underway, Microsoft and the OCP security community turned to improving the trustworthiness of the firmware serving as the foundation for the software environment. The result of this effort was the OCP Security Appraisal Framework and Enablement (SAFE) program launched in October of 2023 at the OCP Global Summit. This framework ensures security compliance for cloud hardware and firmware. Simply put, the goal of SAFE is to build a better foundation.
.jpg){kind=tracking}
