Jasper Liang, Author at AMI
https://www.ami.com/blog/author/jasperliangami-com/
The World Runs On AMI
Sun, 16 Apr 2023 18:08:51 +0000

Implementing Data Center-Modular Hardware System with AMI Build Orchestrator
https://www.ami.com/blog/2023/04/16/implementing-data-center-modular-hardware-system-with-ami-build-orchestrator-service/
Sun, 16 Apr 2023 17:13:32 +0000

Brian Wheeler

Technical Marketing Engineer

Continued innovation and evolution in computing technology have driven an increase in planned obsolescence and cost for Hyperscalers and Enterprise customers. Large investments in compute infrastructure lock customers in to vendors, leaving them without the agility to switch and optimize architectures for workloads and to scale as business requirements change. Datacenter Modular Hardware System (DC-MHS) combined with AMI Build Orchestrator Service (BOS) is a solution. To showcase this solution, among other concepts, to attendees, AMI will participate in this year’s OCP Regional Summit in Prague, Czech Republic.

What is Data Center – Modular Hardware System (DC-MHS)?

DC-MHS exists to increase interoperability between key server elements and allows hyperscalers and enterprise customers to reduce costs and increase scalability, reliability, and sustainability. It supports modularity in compute, IO, and storage components across generations, architectures, and vendors. This modularity allows those same customers to upgrade components independently, with vendor-agnostic system configurations that meet their requirements. The ability to swap parts as needed improves sustainability by decreasing e-waste and feeding into secondary markets.

What is AMI displaying at OCP Regional Summit 2023?

AMI is innovating to provide a sophisticated Build Orchestrator Service that supports hyperscalers’ and enterprise customers’ configuration, manageability, and provisioning needs. AMI’s Build Orchestrator Service (BOS) is a proof-of-concept product that will be the lynchpin of our cloud services, AMI Meridian, currently in development. AMI’s BOS can detect, build, and deploy BIOS and BMC firmware for images connected to AMI’s Meridian. The tool has intelligent hardware detection, enabling platform maintainers and end users to interchange components, have the changes detected automatically, and have new firmware images built and deployed for the new configuration.

Jabil is introducing a DC-MHS implementation in their J311-S 1U rackmount server. This device will have a Host Processor Module (HPM) hosting a 4th Generation Intel Xeon processor. A separate board, the Data Center-Secure Control Module (DC-SCM), is populated with the BMC, BIOS flash, and hardware root of trust (HRoT).

When the hardware configuration changes, the firmware on the DC-SCM will need to be updated. At the OCP Regional Summit 2023, AMI will demonstrate a scenario where AMI BOS will detect the change from a managed Jabil node and notify the hardware maintainer of the change and the requirement for a specific image to be flashed. Via BOS, the user will have options to create a configurable build for the device, along with pre-built, validated images that can be downloaded and deployed. This removes multiple pain points for hardware maintainers, allowing them to manage the firmware of their servers quickly, reliably, and securely in the field.

Come Join Us at Booth A15 to Learn More!

AMI continues to support OCP via its Open Edition firmware for Aptio OE, MegaRAC OE, and Tektagon OE. Customers, open-source developers, and technology enthusiasts are encouraged to participate and view this demo and other AMI demos in Booth A15, on April 19-20, 2023.

Securing Arm®-based Servers with Platform Firmware Resiliency
https://www.ami.com/blog/2023/04/10/securing-arm-based-servers-with-platform-firmware-resiliency/
Tue, 11 Apr 2023 03:31:46 +0000

Thomas McCarthy

Product Marketing

In a February 2022 supply chain security report issued by the Department of Homeland Security, platform firmware was referred to as “one of the stealthiest methods in which an attacker can compromise devices at scale.” The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running on the operating system. Consequently, this quiet method of intrusion is on the rise today, with cyber criminals focused on potentially taking control of a wide array of platforms.

AMI Tektagon™ XFR Platform Root of Trust (PRoT) Firmware Resilience on Arm-based Platforms

To secure platform firmware, the platform-agnostic AMI Tektagon XFR PRoT solution is a perfect fit. This solution leverages the Lattice™ Mach-NX Series, a low-power FPGA Hardware Root of Trust (HRoT) controller, to detect, recover from, and protect against host firmware intrusions for total firmware resiliency. Additionally, for heightened system security, AMI Tektagon XFR delivers firmware attestation to peripheral devices as well as those on the motherboard. This complete PRoT solution is offered across all major platforms, including Arm-based systems.

As cloud and on-premises data centers meet greater demands, it is crucial that more systems can support the performance, scalability, and sustainability requirements with greater manageability. Meeting these demands are Arm-based platforms, such as those provided in the Ampere Altra processor servers. Architected to meet the greatest functionality demands, these Arm-based platforms can provide all the necessary components to support a fully resilient PRoT solution, on the motherboard as well as peripheral devices.

What will be Revealed by AMI and Arm at the OCP Regional Summit?

At the Open Compute Project’s Regional Summit in Prague on April 19th and 20th, AMI and Arm will reveal AMI Tektagon XFR, deployed on a Broadcom PCIe Card connected to an Arm-based, Ampere Altra processor platform. The solution will show a secure system boot with device attestation using SPDM for active system management.

During the pre-boot phase, Tektagon XFR will initialize SPDM communication with the Broadcom controller. Once the communication is established, the solution will verify the correct device manufacturer through a certificate exchange. Lastly, Tektagon XFR will run an attestation on signed measurements from the device, comparing them to known “good” values. With a successful attestation, the system will be released to boot. If attestation is unsuccessful, the system will be held at reset.

In addition to the demonstration, AMI and Arm will have a technical presentation about “Secure System Design on Arm using Platform Root of Trust (PRoT).” The session will be held at 9:30 am on April 20th.

Please Join AMI’s Booth Number A15 for the Demo Experience

Interested in viewing this live demo? Participants can find this and other demonstrations in the AMI booth (A15), at the OCP Regional Summit on April 19th and 20th. Stop by and engage with us for further discussions.

About AMI Tektagon XFR

AMI Tektagon XFR is a fully NIST 800-193 compliant integrated PRoT solution that is cost-effective, scalable, compatible, and easy to implement. The solution leverages the Lattice Mach-NX Series, a low-power FPGA controller, to deliver pre-verified, PFR-compliant functionality to a server’s motherboard and peripheral devices. Features of the Tektagon XFR solution include image validation, firmware attestation, and recovery, to deliver full firmware resiliency.

AMI to Showcase Platform Root of Trust CPU Attestation on AMD Platform
https://www.ami.com/blog/2023/04/10/ami-to-showcase-platform-root-of-trust-cpu-attestation-on-amd-platform/
Tue, 11 Apr 2023 03:31:07 +0000

Thomas McCarthy

Product Marketing

Malicious system firmware attacks are on the rise. The March 2021 Microsoft-commissioned Security Signals report showed that more than 80% of enterprises had experienced at least one firmware attack through 2019 and 2020. As Azim Shafqat, Partner at ISG and Former Managing VP at Gartner once said, “There are two types of companies – those who have experienced a firmware attack, and those who have experienced a firmware attack but don’t know it.” Securing against these firmware attacks while avoiding downtime requires a robust firmware resiliency solution.

AMI Tektagon™ Answers the Call

Platform Root of Trust (PRoT) solutions, like AMI Tektagon XFR, enabled by the low-power Lattice™ Mach-NX Hardware Root of Trust FPGA, can add platform firmware resiliency. However, the effort to implement a PRoT solution is not trivial. On top of that come the hurdles of integrating different types of platform firmware with the compatibility necessary to initialize the host silicon. Additionally, developers might be challenged to scale across multiple silicon and platform vendors. These challenges become more significant when building compatibility across different open-source firmware.

What Does AMI Tektagon XFR Demo on AMD Platform Showcase?

At the Open Compute Project’s Regional Summit in Prague on April 19th and 20th, AMI and AMD will showcase AMI Tektagon XFR running with AMI Aptio OpenEdition UEFI open-source boot firmware on an AMD 4th Gen EPYC™ processor-based platform. The solution delivers detection of firmware intrusions, protection against ongoing firmware intrusions, and recovery from compromised firmware.

During the demo, OCP attendees will be able to see Tektagon XFR, running on the Lattice Mach-NX FPGA, perform CPU attestation using SPDM with AMI Aptio OpenEdition boot firmware. During the pre-boot phase of the platform bring-up, Tektagon will serve as the SPDM requester and issue commands to receive measurements from AMD’s SoC boot images. If the values received are different from the “known good measurements”, the boot process is halted. Booting will then be prevented until the firmware image is recovered and a good flash image is reported.

Please join us at AMD Booth Number A4 to Experience the Demo

Interested in viewing this live demo? Participants can find this and many other demonstrations in the AMD booth (A4), at the OCP Regional Summit on April 19th and 20th. Stop by and engage with members of AMD and AMI for further discussions.

About AMI Tektagon

AMI Tektagon XFR is an integrated PRoT solution that is cost-effective, scalable, compatible, and easy to implement. The solution leverages the Lattice Mach-NX Series, a low-power FPGA controller, to deliver pre-verified, PFR-compliant functionality to a server’s motherboard and peripheral devices. Features of the Tektagon XFR solution include image validation, firmware attestation, and recovery, to deliver full firmware resiliency.

AMI to Demonstrate UEFI & coreboot Compatibility with AMD openSIL
https://www.ami.com/blog/2023/04/06/ami-to-demonstrate-uefi-coreboot-compatibility-with-amd-opensil/
Fri, 07 Apr 2023 02:18:00 +0000

Adonay Berhe

Product Marketing

Open-source and Independent Firmware Vendors (IFVs) are not words you usually see together in the same sentence. However, AMI – one of the proud sponsors of the Open Compute Project (OCP) organization – is living proof that firmware vendors can play an active role in the open-source ecosystem and deliver value to themselves and the developer community at large. Accordingly, AMI will be participating in this year’s OCP Regional Summit in Prague featuring a collection of industry demonstrations and technical presentations. Let’s take a closer look at what AMI is doing in partnership with AMD to demonstrate the integration of AMI Aptio OpenEdition (open-source UEFI boot solution) with AMD’s Open-Source Silicon Initialization Library (AMD openSIL).

What is AMI showcasing at OCP Regional Summit 2023?

AMI is partnering with AMD and its other open-source partners to highlight the UEFI and coreboot boot flow of AMD’s 4th Gen EPYC™-based platform using AMI Aptio OpenEdition (OE) and coreboot. Aptio OE, AMI’s OCP-approved, open-source UEFI firmware offering, provides a wide range of features and utilities for host boot firmware development, debugging, testing, and deployment. This UEFI stack provides a modular architecture that allows developers to create custom firmware modules with support for a variety of interfaces and protocols such as PCIe, USB, IPMI, and Ethernet. This demo will showcase an EDK II-based UEFI boot firmware solution integrating with AMD openSIL to boot a system to Linux and Windows OS. In addition, AMI will also perform a Linux boot demonstration integrating coreboot and the AMD openSIL solution for the same platform.

What is AMD openSIL?

AMD openSIL is an open-source software library that provides a standard interface for initializing and configuring silicon IP blocks on AMD-based platforms at scale. It provides a library of APIs for a wide range of agnostic host firmware solutions – UEFI, coreboot, oreboot, etc. – and hardware IPs – processors, controllers, interfaces, etc. – that integrate with complex compute system designs such as System-on-Chips (SoCs), System-on-Modules (SoMs), as well as client, embedded, and server platforms.

Why should you care about this demo?

AMD’s industry standardization strategy and vendor-agnostic silicon initialization architecture will grant the developer community flexibility and transparency when deciding their host firmware solution. Developers are now able to scale using robust, feature-rich UEFI boot firmware offerings such as AMI’s Aptio V or Aptio OpenEdition; or lighter, non-UEFI options such as slimboot, coreboot, oreboot, and the like. Furthermore, the availability of the source code in open-source repositories will allow developers to leverage the libraries to fit their platform design needs. Lastly, AMD’s bold stance in open sourcing these libraries should improve developers’ ability to thoroughly test their platform firmware for functionality and security.

Join us at the Demo Booth!

Customers, open-source developers, and technology enthusiasts are encouraged to view these and other AMI demos at the OCP Regional Summit in the AMI Booth (A15), on April 19-20, 2023. Stop by and engage with members of AMD and AMI for further discussions.

See you there!
