PFR Archives - AMI

AMI Contributes its Tektagon OpenEdition Platform Root of Trust Firmware Code Base to the Open Compute Project

Tue, 18 Oct 2022 16:00:59 +0000

ATLANTA, GEORGIA / SAN JOSE, CALIFORNIA – AMI®, a global leader in the Dynamic Firmware market for worldwide computing, today announces its contribution of its Tektagon OpenEdition™ Platform Root of Trust (PRoT) code base to the Open Compute Project® (OCP®).

This contribution joins AMI’s ongoing contributions of its Aptio OpenEdition™ UEFI Firmware and MegaRAC OpenEdition™ BMC Firmware code bases to OCP. With this contribution, AMI now offers open-source firmware solutions across all three of its core firmware product categories – to power (UEFI), manage (BMC) and secure (PRoT) the world’s connected devices with open-source dynamic firmware from AMI.

The Open Compute Project (OCP) represents a global community of technology leaders working together to break open the black box of proprietary IT infrastructure to achieve greater choice, customization, and cost savings. OCP makes these solutions, standards and designs available through its OCP Marketplace, where organizations of all types and sizes can research and learn how to purchase OCP Accepted™ and OCP Inspired™ products.

As an OCP Contributor, AMI is committed to encouraging transparency, reliability and security within the open-source community to drive the industry forward, encourage broader adoption of industry-standard data center solutions and harness a respected platform to provide innovative features back to the community. With these goals in mind, AMI continues to work with leaders in the Open Compute ecosystem such as ASPEED® Technology – whose AST1060 service processor is the silicon of choice for the Tektagon OpenEdition solution – to address the challenges and needs that are most important to the OCP end-user community.

As part of its commitment to OCP and open-source initiatives, AMI collaborates closely with silicon providers, ODMs and OEMs to provide open firmware solutions based on the most prevalent source trees while it develops additional value-add features for them. In this way, AMI can maintain the base source, offer multiple levels of support options and offer add-ons for advanced features. Additionally, the AMI source trees are fully managed and maintained by AMI with its world class engineer-to-engineer support and ongoing contributions to OCP.

About Tektagon OpenEdition

Tektagon OpenEdition is an open-source Platform Root of Trust (PRoT) solution with foundational firmware security features that detect platform firmware corruption, recover the firmware and protect firmware integrity. With its open-source code, Tektagon OpenEdition™ augments transparency, resulting in high-quality code and improves implementation with greater customizability, extensibility and support for the open-source community – resulting in faster time-to-market. And like its sibling Tektagon™ XFR – AMI’s flagship PRoT solution – Tektagon OpenEdition is compliant with the NIST Platform Firmware Resiliency (PFR) Guidelines NIST SP 800-193. It is available today for the open-source community through the Open Compute Project GIT repository at https://github.com/opencomputeproject/Tektagon-OpenEdition.

“Today’s announcement is a key milestone for AMI in our open-source firmware strategy. We have reached the ‘trifecta’ with our open-source firmware offerings and can now offer open-source solutions for everything you need on the platform – to power, manage and secure your mission-critical connected devices,” said Zachary Bobroff, Senior Director of Product Office at AMI and a key driver of OCP participation at AMI. “In today’s rapidly expanding IT landscape, there is more data, along with more devices and more architectures – thus more vulnerabilities open to exploit and attack. The Open Compute ecosystem is no different in that regard, highlighting the extreme importance for an open-source PRoT solution such as our Tektagon OpenEdition. We are grateful to the OCP team and our partners like ASPEED who have supported and collaborated with us on the journey to reach today’s important milestone,” he added.

“The Open Compute Project (OCP) Foundation is delighted to see AMI’s contribution of Tektagon OpenEdition to the OCP Community today. As threats to firmware integrity and security increase, AMI’s participation in building up hardware security layers that enable systems builders to more easily deliver open and secure cloud platforms is exactly what the Community needs – and at the right time. We are grateful and recognize AMI’s work and participation in the OCP Community and their resulting contribution to platform security, and their commitment to OCP’s mission to deliver open, validated, secure and scalable cloud solutions,” said Bijan Nowroozi, CTO from the Open Compute Project Foundation.

He added that “AMI’s participation underscores the importance and growing enthusiasm for open-source initiatives at all levels of the scalable computing ecosystem. Adopters of OCP firmware like Tektagon OpenEdition will ultimately benefit by reduced development and validation efforts and resources, both now and into the future. OCP’s focus on sustainable lifecycle design extends the lifecycle of their platforms, and this hardware security solution further enhances that approach by providing adopters with the assurance of commonly available, stable, secure and hardened code.”

“In order to secure platform firmware, the root of trust must be proven – which requires all firmware to be validated and trusted. We are very pleased that AMI has selected the AST1060 PRoT SoC as the hardware vehicle for Tektagon OpenEdition to deliver this capability in an open-source solution through OCP and applaud AMI on its latest source code contribution to the Project. The AST1060 is NIST SP 800-193 compliant as a platform firmware resilience (PFR) solution and features a high-performance Arm® Cortex® M4 CPU (200MHz) to significantly enhance the efficiency of secure image verification to make it a perfect choice for AMI. The internal flash and SRAM architecture of the AST1060 brings the utmost security protection to devices and provides an economical, efficient and powerful silicon platform for the Tektagon OpenEdition firmware,” said Chris Lin, Chairman and President of ASPEED.

For more information about the Tektagon OpenEdition code base components from AMI and the benefits of leveraging open-source firmware code from AMI, please visit ami.com/open-source. To review the specifications and key features of the solution, download the Tektagon OpenEdition datasheet at https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Data_Sheets/Security_Solutions/Tektagon_OpenEdition_Data_Sheet_PUB.pdf.

About the Open Compute Project Foundation

At the core of the Open Compute Project (OCP) is its community of hyperscale data center operators, joined by telecom and colocation providers and enterprise IT users, working with vendors to develop open innovations that when embedded in product are deployed from the cloud to the edge. The OCP Foundation is responsible for fostering and serving the OCP community to meet the market and shape the future, taking hyperscale led innovations to everyone. Meeting the market is accomplished through open designs and best practices, and with data center facility and IT equipment embedding OCP community developed innovations for efficiency, at-scale operations, and sustainability. Shaping the future includes investing in strategic initiatives that prepares the IT ecosystem for major changes, such as AI & ML, optics, advanced cooling techniques, and composable silicon. Learn more at www.opencompute.org.

The OCP® and OPEN COMPUTE PROJECT® marks are owned by and used with the permission of the Open Compute Project Foundation. GITHUB®, the GITHUB® logo design, OCTOCAT® and the OCTOCAT® logo design are exclusive trademarks registered in the United States by GitHub, Inc. ASPEED® is a registered trademark of ASPEED Technology Inc. Arm® and Cortex® are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Intel® is a registered trademark of Intel Corporation. All other trademarks and registered trademarks are the respective property of their owners.

The post AMI Contributes its Tektagon OpenEdition Platform Root of Trust Firmware Code Base to the Open Compute Project appeared first on AMI.

Cyber Resiliency for Firmware Protections and Supply Chain Security Webinar Presented by Lattice Semiconductor

Mon, 06 Jun 2022 20:00:00 +0000

Cyber Resiliency for Firmware Protections and Supply Chain Security Webinar

Presented by Lattice Semiconductor

This seminar will explore the challenges, opportunities, and latest solutions for the global hardware security industry. You’ll walk away with a better understanding of what a Cyber Resilient system requires, especially in compute architectures and the new supply chain paradigms that will reduce your supply chain security costs while increasing your protections. Security industry leaders from AMI and Lattice will also discuss ways to prepare for and respond to threats when building and operating secure systems in today’s complex and ever-changing technology ecosystem.

DATE & TIME

Monday, June 6, 2022
4 to 6 pm PDT

SPEAKERS

Eric Sivertson – VP, Security Business, Lattice
Nilesh Narayan – Director, Server Marketing, Lattice
Kenneth Tao – Director, Business Development, AMI

AGENDA

The Importance of Cyber Resilience & Supply Chain Security
Current Threat & Risk Landscape
Security & Protective Solutions
Ecosystem Highlight – Platform Firmware Resiliency (PFR) Orchestration in Servers
Q&A

The post Cyber Resiliency for Firmware Protections and Supply Chain Security Webinar Presented by Lattice Semiconductor appeared first on AMI.

Platform Security Starts at the Root of Trust

Sun, 24 Oct 2021 16:22:22 +0000

Tektagon™ XFR ,A Guide to Implementing HRoT with NIST PFR Guidelines

Data breaches are increasingly costly as the sophistication and funding (in some instances, state-sponsored) of hackers has increased. The Cost of a Data Breach Report 2021 by IBM states that “2021 had the highest average data breach cost in 17 years” rising from USD 3.86 million to USD 4.24 million.

While companies have taken steps in some areas to improve security, firmware is the next prime area for hackers. According to the March 2021 Security Signals (a report commissioned by Microsoft), “More than 80% of enterprises have experienced at least one firmware attack in the past two years.”

Firmware is emerging as a primary target for hackers because it is where sensitive information, including credentials and encryption keys, is stored in memory. If platform firmware is compromised, the entire platform is compromised.

With the largest technology companies seriously engaging and taking the next steps to implement a hardware root of trust (HRoT) solution, all original design manufacturers (ODMs) and original equipment manufacturers (OEMs) should be motivated and respond to the current situation.

Need for HRoT Protection

From the time that an OEM/ODM builds a server and it enters the supply chain, reaches the datacenter and then gets installed and becomes operational, there are numerous opportunities for disreputable actors to compromise the server.

While conventional thinking assumes that reimaging the system to its original state will wipe out any malware, some malware could survive a firmware update. However, HRoT solution will provide a foundational level of security since it establishes the authenticity of the firmware and validates that it has not been compromised before allowing a system to boot. If the firmware is compromised, it may be impossible to detect without specialized hardware. To address firmware integrity, the U.S. National Institute of Standards and Technology (NIST) added to its security guidelines.

NIST 800-193 Platform Firmware Resiliency (PFR) Guidelines

Released in May 2018, NIST Special Publication 800-193 Platform Firmware Resiliency (PFR) Guidelines were developed to help organizations prepare better against potentially destructive attacks to the collection of hardware and firmware components of a computer system. The security guidelines are based on the principles of protection, detection and recovery.

Protection: Solution must ensure that Platform Firmware code and critical data remain in a state of integrity and are protected from corruption, such as the process for ensuring the authenticity and integrity of firmware updates.

Detection: Mechanisms must be in place for detecting when Platform Firmware code and critical data have been corrupted or otherwise changed from an authorized state.

Recovery: Finally, for recovery from a disruptive event, a system must have the capability to restore Platform Firmware code and critical data to a state of integrity when firmware code or critical data are detected to have been corrupted, or when forced to recover through an authorized mechanism. Recovery is limited to the ability to recover firmware code and critical data.

To be resilient, all three basic requirements for resilient firmware must be satisfied: the firmware must be protected from tampering, corrupted firmware must be detected, and compromised firmware must be restored.

Hardware Root of Trust from AMI

While NIST 800-193 describes what has to be done to detect, protect and recover firmware, it does not provide the “how to” portion. This is where over 35 years of firmware expertise of AMI comes into the picture. Tektagon™ XFR, formerly AMI PlatFire, is a comprehensive HRoT solution, a robust PFR product that utilizes Lattice FPGA to provide an independent HRoT with maximum flexibility to not only detect and protect against firmware attacks, but also recover and re-provision platform firmware, minimizing data center downtime and loss of confidential data.

Designed to Detect, Protect and Recover Firmware

Tektagon™ XFR is designed to detect, protect and recover firmware from unauthorized modification. The solution can continuously monitor and block unauthorized SPI and SMBus transactions during runtime to ensure no malicious read/write commands are executed. If necessary, it can detect when the platform firmware code and critical data is compromised or corrupted. In the event platform firmware is corrupted, the solution can restore platform firmware and authenticate recovery image upon failure. Compatible with most silicon vendors, this NIST 800-193 compliant HRoT solution minimizes platform ecosystem or vendor lock-in and can provide up to 30% cost savings on a combined chip solution compared to competitive alternatives.

What does Tektagon™ XFR Protect?

Utilizing the Baseboard Management Controller (BMC) HRoT engine, Tektagon™ XFR validates BMC and BIOS firmware. It is also capable of monitoring and securing any firmware accessible by the BMC, including add-in cards, power supplies, NICs and Non-volatile DIMMS.

To easily and quickly implement Tektagon™ XFR, a best-known configuration (BKC) reference design is offered to OEM/ODMs.

Prioritizing Platform Firmware Security and Resiliency

Tektagon™ XFR firmware protection is foundational security and security of a layer is only as good as the layer below it. So, trust must be established pre-boot and mechanisms must be there to protect, detect and restore platform firmware.

Timing is important and October is National Cybersecurity Awareness Month (NCSAM). Started in 2004 as an effort by the U.S. Department of Homeland Security, NCSAM is now an industrywide push that takes place in October to make organizations more aware of cyber threats. As part of your company’s response to October’s National Cybersecurity Awareness Month and to improve your company’s platform security, learn more about how AMI HRoT solutions can help you make your platform firmware more secure and resilient.

To learn more about Tektagon™ XFR, visit: ami.com/ami-hrot

To schedule a consultation, please visit: ami.com/contact

The post Platform Security Starts at the Root of Trust appeared first on AMI.

AMI and Lattice Semiconductor Announce Joint Platform Firmware Resiliency Security Solution: Tektagon XFR Firmware with Lattice Sentry Solutions Stack

Thu, 19 Nov 2020 10:00:00 +0000

DULUTH, GEORGIA / HILLSBORO, OREGON – AMI®, a global leader in powering, managing and securing the world’s connected digital infrastructure through its BIOS, BMC and security solutions, and Lattice Semiconductor, the low power programmable leader, are pleased to announce a new jointly-developed platform firmware security solution, Tektagon™ XFR Firmware, formerly AMI PlatFire®, with the Lattice Sentry™ solutions stack. The solution enables developers to quickly and easily implement system-level cyber resiliency that is pre-validated as compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193), making it easy for developers with limited hardware security expertise or limited time-to-market to implement PFR on the latest industry-standard server platforms.
The solution combines technology from two of the leading names in PFR – AMI and Lattice Semiconductor – to bring the industry an integrated, fully-featured, pre-verified and secure Platform Root-of-Trust (PRoT) solution that is flexible, scalable, low cost, and easy to implement. The solution uses the Lattice Sentry stack, featuring a low-power Lattice MachXO3D™ secure control FPGA running pre-verified, PFR-compliant IP, to implement a PRoT on a server’s motherboard. The Tektagon™ XFR firmware then orchestrates the connection between the PRoT and other on-board components, such as SoCs and RoCs, to confirm the firmware they are running is valid.
“We’re excited by the growing interest from customers across markets in implementing PFR to protect their systems. Pairing our Sentry solutions stack with AMI’s new Tektagon™ XFR firmware provides a comprehensive, system-level PFR solution that helps developers quickly and easily protect their system firmware, making PFR support possible for a larger potential customer base,” said Esam Elashmawi, Chief Strategy and Marketing Officer, Lattice Semiconductor.
Sanjoy Maity, Chief Executive Officer of AMI, added that “Our Tektagon™ XFR PRoT firmware provides customers an affordable, flexible and comprehensive alternative to existing competitor solutions. By partnering with Lattice Semiconductor to deliver Tektagon™ XFR on a secure Lattice MachXO3D FPGA with the Lattice Sentry Security stack and a full suite of design and development tools, together we can offer complete system security that is fully compliant with NIST PFR Guidelines and is host CPU vendor agnostic – so customers don’t have to feel locked into a particular ecosystem or platform to have a secured system.”

Firmware Security Trends are Changing Faster than Ever

Firmware is an increasingly popular attack vector; the National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent¹. The NIST PFR guidelines were written to help developers understand how to protect legitimate firmware, detect unauthorized firmware, and restore compromised firmware to a known good state by establishing a PRoT. PRoT solutions validate platform firmware at boot to ensure it has not been modified illegitimately. Currently, developers with PFR design expertise are in limited supply, and OEMs requiring support for PFR often have strict time-to-market requirements that preclude developing a PFR solution from scratch. Recognizing these trends, AMI and Lattice worked together to deliver a tightly integrated, pre-validated PFR solution. It provides a robust PRoT, for real-time I2C bus and SPI monitoring of both BIOS and BMC SPIs, so from the moment a system boots all transactions over the SPI bus are monitored.

What is Tektagon™ XFR?

AMI has applied its 35 years of deep expertise in BIOS and BMC firmware development to deliver a robust PFR solution designed to detect, protect and recover firmware from unauthorized modification. As implemented in the AMI-Lattice joint solution, the Tektagon™ XFR firmware executing on the Lattice MachXO3D with the Lattice Sentry solution stack orchestrates the connection between the solution’s PRoT and all other ICs on the motherboard. Moreover, Tektagon™ XFR firmware is host CPU-agnostic, to give system developers greater flexibility in supporting the CPU requirements of their chosen server platform.
Thanks to its seamless integration with Aptio® UEFI Firmware and MegaRAC® SPX BMC Firmware from AMI, Tektagon™ XFR delivers a truly turnkey PFR solution – making use of the Lattice MachXO3D IP blocks to support detection and recovery of platform firmware, together with runtime monitoring of SPI flash memory used to store the platform firmware.

What is Lattice Sentry?

The Lattice Sentry solutions stack delivers a robust combination of customizable embedded software, reference designs based on the Lattice MachXO3D secure control FPGA, IP, and development tools to accelerate the implementation of secure systems compliant with PFR guidelines. As the system controller, the MachXO3D is the first component to execute code and attest power sequencing logic at system startup, making it an ideal platform for establishing a PRoT. Thanks to the MachXO3D FPGA’s parallel processing architecture and flash memory, the device monitors for and detects attacks in real-time – a truly groundbreaking innovation as real-time monitoring is currently beyond the processing capabilities of competing PRoT solutions like MCUs.
For more information on the joint Tektagon™ XFR PRoT Firmware on Lattice Sentry solutions stack, please call 1-800-828-9264 to speak with an AMI Security Solutions expert or contact us via ami.com/contact.
For more information about Lattice Sentry, please visit https://www.latticesemi.com/latticesentry.
About Lattice Semiconductor
Lattice Semiconductor (NASDAQ: LSCC) is the low power programmable leader. We solve customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive, and consumer markets. Our technology, long-standing relationships, and commitment to world-class support lets our customers quickly and easily unleash their innovation to create a smart, secure and connected world.
¹Source: National Vulnerability Database (2016 and 2019)
MachXO3D™ is a trademark of Lattice Semiconductor Corporation. All other trademarks and registered trademarks are the property of their respective owners.

The post AMI and Lattice Semiconductor Announce Joint Platform Firmware Resiliency Security Solution: Tektagon XFR Firmware with Lattice Sentry Solutions Stack appeared first on AMI.