To arrive at its results, Eclypsium took a snapshot of the latest available OpenBMC vendor releases from the main Open BMC GitHub repository, Intel® S2600WF, Dell™ R670csp, Supermicro® X14DBG-AP and MegaRAC OneTree (version 2.0).  They then recorded both the number of open CVEs for each code revision and the related areas where the security issue exists.

While the results show a clear advantage for MegaRAC OneTree, readers should also take note that certain vulnerabilities discovered in the upstream OpenBMC code that were shown as CVEs affecting MegaRAC OneTree have already been mitigated by AMI. Additionally, we continue to apply mitigations directly to the downstream code in the form of updates distributed to customers that will be upstreamed in the next open-source revision. Consequently, the total number of CVEs that are open today is less than what the study from Eclypsium was able to capture.

Eclypsium’s report highlights the importance of leveraging a robust Software Bill of Materials (SBOM) approach with vulnerability management, regular updates, and transparency throughout the supply chain for maintaining a more secure supply chain.

For more information on our MegaRAC OneTree OpenBMC-based solution with add-on technologies and enhancements, we invite you to download the datasheet or contact us to schedule a discussion today.

OpenBMC is a trademark of LF Projects, LLC. MegaRAC is a registered trademark of AMI US Holdings, Inc., in the US and other countries. Intel is a registered trademark of Intel Corporation. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Supermicro® is a registered trademark of Super Micro Computer, Inc. All other trademarks and registered trademarks are the property of their respective owners.

The post Eclypsium Examines OpenBMC Security Across Multiple Builds, Identifies MegaRAC OneTree as Optimal Solution appeared first on AMI.

FIRST is based on a peer-to-peer network governance model, where Computer Security Incident Response Teams (CSIRTs), Product Security Incident Response Teams (PSIRTs) and independent security researchers work together across borders to limit the damage of security incidents. This requires a high degree of trust – fostered by FIRST through its distributed governance as well as the various activities it promotes. This model also fosters inclusiveness and ownership, by inviting membership from all geographic and cultural regions.

And today, we are pleased to share that after the completion of a rigorous application process, we have joined the global FIRST team. Notably, AMI is the first independent BIOS vendor (IBV) to gain admission to the Forum.

“As the Chair of the FIRST Board of Directors, it is my great pleasure to welcome AMI as a new full member to FIRST. With its deep experience at the forefront of firmware security and incident response, we are confident that AMI will make an immediate and meaningful impact as a FIRST member,” said Tracy A. Bills, Chairperson of the FIRST Board of Directors.

Recognizing the importance of its admission, Samuel Cure, Chief Information Officer at AMI commented that “As the first IBV to receive this honor, we are extremely proud to become a member of FIRST. We strongly believe that our many decades of leadership and expertise in firmware and platform security will bring a unique and effective perspective to this important work.”

About FIRST

FIRST is the Forum of Incident Response and Security Teams, whose members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever-growing Internet. FIRST brings together a wide variety of security and incident response teams including product security teams from the government, commercial, and academic sectors. Learn more at https://www.first.org/about/.

The post AMI Is First Independent BIOS Vendor to Join the Forum of Incident Response and Security Teams (FIRST) appeared first on AMI.

Beginning on April 29, AMI will once again join the OCP EMEA Summit – where global technical leaders come together to tackle the issues related to data center sustainability, energy efficiency and heat reuse in the EMEA region. The 2025 edition of the Summit takes place in Dublin, Ireland at the Convention Center Dublin from April 29-30, with AMI participating as a Premier Sponsor in Booth B6.

As always, our booth will host an exciting array of product demonstrations and presentations focused on driving the open compute community forward. One recent achievement we will highlight during the Summit is our certification in the OCP Security Appraisal Framework and Enablement (S.A.F.E.) Program, as we are the first independent BIOS vendor (IBV) to achieve this. The OCP S.A.F.E. Program is designed to provide a strong degree of security assurance for the provenance, code quality and software supply chain for firmware releases and patches for the wide variety of processing devices that are found in modern data centers.

AMI thought leaders will also deliver several presentations during the Summit to show how we are working to usher in the next generation of open and sustainable data centers with our intelligent firmware, including:

• “Unlocking the Future of Data Center Efficiency: Open Compute Project and Firmware Innovation” by Sanjoy Maity, Chief Executive Officer of AMI. Tuesday, April 29, 2025, from 13:35 PM – 14:00 PM IST (Irish Standard Time) on the Expo Hall Stage in the Forum on Level 1

• “Developing for Purpose, Efficiency, Reliability, and Interoperability with Arm Purpose-Built Silicon with Open-Source Firmware” by Zach Bobroff, Chief Product Officer of AMI. Tuesday, April 29, 2025, from 13:35 PM – 14:00 PM IST in Liffey Hall 1 on Level 1

• “Unified Platform Configuration: OPF Initiative to Simplify Platform Configuration” by Felix Polyudov, Director of Engineering (BFG – Aptio) of AMI. Tuesday, April 29, 2025, from 15:15 PM – 15:30 PM IST in Liffey Hall 1 on Level 1

• “A Unified Approach for AI Infrastructure Manageability Using Open-Source Firmware” by Zach Bobroff, Chief Product Officer of AMI and Adonay Berhe, Product Marketing Manager of AMI. Tuesday, April 29, 2025, from 16:20 PM – 16:40 PM IST in Liffey Hall 1 on Level 1

• “AI Infrastructure Rack Management: Exploring Scalable Solutions Through Open-source Collaboration” by Brian Vandecoevering, Senior Director of Strategic Technology Partnerships of AMI. Tuesday, April 29, 2025, from 16:40 PM – 17:00 PM IST in Liffey Hall 1 on Level 1

In addition, during the Summit AMI will join the CHIPS Alliance (Common Hardware for Interfaces, Processors and Systems) in Booth A13, to share how open-source silicon is helping to accelerate chip design. The CHIPS Alliance seeks to develop and host high quality, open-source hardware code (IP cores), interconnect IP, open-source firmware and software development tools for design, verification, and more. The Alliance is supported by the Linux Foundation and endeavors to provide a barrier-free collaborative environment, with the goal of lowering the cost of developing IP and tools for hardware development.

Together with the Alliance, AMI will provide a demo of Caliptra – a project that originated with OCP for datacenter-class SoCs like CPUs, GPUs, DPUs and TPUs. The Caliptra project outlines the specification, silicon logic, ROM and firmware for implementing a Root of Trust for Measurement (RTM) block inside an SoC, giving it Identity, Measured Boot and Attestation capabilities. We encourage the open compute community to visit the CHIPS Alliance booth to learn more about how to get involved and collaborate in these efforts.

Sanjoy Maity, AMI CEO, commented that “OCP continues to do extremely important work to help make the next generation of data centers that will push the boundaries of AI and HPC more sustainable and efficient. Our boot and manageability firmware, as well as our data center management technologies, are at the core of this open-source-driven movement towards a more sustainable future – ushering in this next generation of sustainable data centers with intelligent firmware. Our roster of presentations and demos highlight our broad involvement and commitment to OCP and the open compute ecosystem, and we look forward to welcoming guests to Booth B6 for another exciting OCP EMEA Summit.”

Are you attending the OCP EMEA Summit 2025 in Dublin next week? We would welcome an opportunity to meet with you – so contact us to schedule a meeting today!

The post AMI at Open Compute Project (OCP) EMEA Summit 2025 appeared first on AMI.

AMI, the global leader in Dynamic Firmware for worldwide computing, is honored to once again participate as an Exhibitor in the Embedded World Exhibition & Conference.

The 2025 edition kicks off next week in Nuremberg, Germany, from March 11-13, with AMI present in Hall 5, Booth 5-243. As ever, the AMI booth will feature an exciting array of product demonstrations and deep dives into new product features along with recent AMI innovations for key technologies and market trends.

Also, AMI will celebrate several important milestones in 2025 surrounding our participation at Embedded World and within the embedded market. Let’s look more closely at these different milestones, by the numbers:

• 40: 2025 represents the 40th anniversary of AMI’s business operations – delivering the best in firmware innovations to the industry since 1985!
• 20+: Celebrating 20+ years of partnership with Kontron, a global leader in smart IoT solutions
• 20: Celebrating 20 years of partnership with congatec, a leading global provider of high-performance COMs, software and services for embedded and edge computing solutions
• 20: Marking the 20th year of AMI’s participation as an Exhibitor at Embedded World
• 12: Number of solution partners exhibiting their AMI-powered solutions in the AMI Partner Hardware Showcase in AMI’s booth 5-243

“Our teams from Germany and the U.S. are looking forward to another great year of showcasing AMI’s capabilities and making new connections at Embedded World,” says Julien Witassek, Managing Director of AMI Germany. “For four decades, our firmware solutions have been at the core of nearly every meaningful technology company – found in embedded devices, servers, data centers and more. We look forward to continuing this journey of innovation for the next 40 years and beyond, bringing more dynamic solutions to the embedded market and contributing to more scalable, secure and sustainable compute environments.”

Are you attending Embedded World and seeking an opportunity to meet with AMI to discuss a project? Would you like to get a better understanding of how AMI can take your designs to the next level of efficiency and performance? We have a limited number of complimentary guest passes still available and would welcome an opportunity to meet with you. Contact us to schedule a meeting today!

As we have done for the last 20 years, AMI looks forward to welcoming the embedded community at Embedded World 2025 in Hall 5, Booth 5-243!

The post AMI Celebrates a Legacy of Innovation and Lasting Partnerships at Embedded World 2025 appeared first on AMI.

To assist in securing AMI’s OEM/ODM partner systems and their customers who have deployed those systems, AMI and Microsoft have released an open-source patch for platforms running AMI’s Aptio® V UEFI BIOS Firmware on Windows® that were produced and put into service with a test version of the Platform Key (PK).

This patch should serve as mitigation to CVE-2024-8105, also referred to as “PKFail”. The mitigation is licensed and distributed as open source, with no guarantee or support from Microsoft, AMI or other affiliates. In the case of multiple system deployment, the patch should be tested prior to installation across all systems.

ODMs, OEMs, CSPs, Tier 2/3 datacenters, and individual users of Aptio V UEFI BIOS can determine if they have a test version of the PK running by leveraging the Windows Powershell script provided with the mitigation.

Downloads of the patch can be found at https://github.com/CERTCC/PKfail/.

The post AMI and Microsoft Announce Patch for Systems Deployed with UEFI Test Keys appeared first on AMI.

Starting with the Opening Gala on Monday evening, AMI will welcome visitors to Booth #4715 during the SC24 Exhibitor Forum, where they can expect exciting, in-depth looks at our latest product developments, hands-on demonstrations, insightful presentations and much more.

AMI thought leaders will also deliver a pair of presentations during the Exhibitor Forum to spotlight how AMI’s comprehensive technology platform is At the Core of Innovation, powering HPC with secure AI server manageability and more. See below for details on each of AMI’s presentations:

• “From Architecture to Datacenter Integration: Manageability in AI Servers and Datacenters” by Sanjoy Maity, Chief Executive Officer of AMI on Tuesday, November 19, 2024, from 2:30 PM – 3:00 PM EST in Room B206
• “Advancing Arm Custom Silicon for High-Performance Computing with Open-Source Firmware” by Zach Bobroff, VP of Strategic Market Development & Product Management on Wednesday, November 20, 2024, from 11:30 AM – 12:00 PM EST in Room B206

For a full week, the Georgia World Congress Center will transform into the hub of the HPC community as it gathers for an exhilarating week of sessions, speakers, and networking. At SC24, attendees can expect to encounter a broad range of topics at the forefront of HPC, including cutting edge hardware, advanced software solutions, data management infrastructure, large research projects, and community efforts supporting these initiatives.

AMI looks forward to welcoming the HPC community to SC24 and our hometown of Atlanta in just a few days. For those interested in booking a meeting with us at the event, please visit our AMI at SC24 preview page and request to schedule a meeting today. We hope to see you next week in Atlanta!

The post AMI at SC24: At the Core of Innovation, Powering HPC with Secure AI Server Manageability appeared first on AMI.

Tom McCarthy

Product Marketing Manager

• LinkedIn

On October 10, 2024, the highly anticipated Cyber Resilience Act (CRA) was adopted by the European Commission (EU) Council. The new law provides for a 36-month period after signing and publication before the requirements in the act will be enforced. However, the CRA goes into force only 20 days after its publication. Signing and publication are projected to take place in the coming weeks.

Enterprises Must Start Designing for the CRA Now

What does this mean for companies that produce and ship critical products with digital elements (PDEs)? Starting in late 2027, the EU will begin enforcing CRA requirements on products that started shipping 20 days after publication, in 2024. Developers and manufacturers should plan accordingly to ensure compliance and avoid any potential fines or disruptions in shipping, come late 2027.

Changes in Technology and Practice are Required 

Included in CRA requirements are key elements that should be addressed as initial units are shipped before the 2027 enforcement date. Through the CRA’s definition of “software”, any “part of an electronic system that consists of computer code” will need to have an associated software bill of materials (SBOM) and be resilient from cyber-attacks. This includes all firmware, as it is the foundational computer code for all electronic systems.

Firmware Must be Resilient

To ensure compliance in late 2027, developers of PDEs must design capabilities to detect corrupted firmware at power-on, prevent firmware corruption during runtime, and recover corrupted firmware to a trusted firmware image. Additionally, all versions of firmware running on PDEs must have an associated SBOM where vulnerabilities can be traced and managed.

How AMI Can Help?

Aligning with these requirements, AMI offers products and services that help our customers comply with the EU CRA, along with other international standards and regulations. This includes firmware with all associated SBOMs, vulnerability management through our Product Security Incident Response Team (PSIRT) and AMI’s Tektagon Platform Root of Trust (PRoT) solution for platform firmware resilience.

Customers should contact their associated AMI sales representative to learn more about how AMI can help them comply with the CRA and other cyber security regulations.

 

 

 

 

The post The European Union Cyber Resilience Act Has Arrived appeared first on AMI.

Through this collaborative partnership, AMI’s Tektagon seamlessly integrates with Samsung Knox to ensure that confidential and sensitive data stays safe at every layer of the device through real-time threat detection and collaborative protection, while providing the highest level of security against firmware-injected malware to help prevent ransomware and denial of service attacks.

“As a leading supplier of endpoint technology to global government and commercial industries, Samsung is committed to securing its platforms at all levels,” said Dr. Hark-Sang Kim, EVP & Head of New Computing R&D Team, Mobile eXperience Business at Samsung Electronics. “Integrating AMI’s Tektagon solution into our latest Galaxy Books provides powerful and comprehensive protection at the platform’s foundation.”

The Samsung Knox platform leverages the motherboard’s existing embedded processor to provide a hardware-backed secure platform, which includes AMI’s Tektagon security technology. Thanks to AMI’s leading capabilities as a firmware provider, the need for additional components is reduced while hardware-rooted security is still seamlessly delivered.

“AMI is extremely proud of our work integrating our Tektagon Platform Root of Trust solution into Samsung Galaxy Book series notebooks,” said Stefano Righi, Senior Vice President of the AMI Global Software and Security Group. “Together Samsung and AMI are helping to reduce the cyber threat landscape, securing business endpoints around the world from malicious attacks.”

The Samsung Galaxy Book5 Pro 360, Galaxy Book4 Pro, Galaxy Book4 Pro 360 and Galaxy Book4 Ultra with AMI Tektagon Platform Root of Trust are available today and can be ordered directly from Samsung.

Follow AMI on LinkedIn and Twitter/X to receive the latest news and announcements.

AMI® and Tektagon™ are registered trademarks/trademarks of AMI in the US and/or elsewhere. Galaxy Book and Knox are trademarks of Samsung Electronics Co. Ltd. in the United States and other countries. All other trademarks and registered trademarks are the property of their respective owners.

The post AMI Partners with Samsung to Bring Firmware Security to PCs appeared first on AMI.

AMI’s focus remains on offering the most comprehensive UEFI solutions in the industry that empower Arm platform vendors to easily attain multi-OS support, such as Ubuntu® and Windows® IoT OS, and industry-standard certifications like Arm SystemReady, Windows Logo, Ubuntu Certified and the Firmware Test Suite (FWTS) from Canonical. By offloading firmware development, validation and support responsibilities to AMI, vendors can concentrate on developing end-user features that set their technologies apart.

“We warmly welcome AMI into our NXP Semiconductors Partner Program and look forward to new engagements in an expanding market,” said Jeff Steinheider, Vice President and General Manager, Industrial Edge Processing, NXP Semiconductors. “AMI’s comprehensive UEFI solutions complement NXP’s Arm-based MPU offerings, making it easier for customers to develop solutions across computing, smart home, and industrial markets.”

“AMI has always taken great pride in its support for the embedded solutions ecosystem, forming partnerships with leading companies across diverse verticals and applications. Our participation in the NXP Semiconductors Partner Program is a clear indication of our ongoing commitment to ensure that our dynamic Aptio UEFI Firmware meets the rigorous demands of the Arm embedded marketplace,” commented Srivatsan Ramachandran, Senior Vice President for Global Strategic Alliance and Ecosystem Development of AMI.

Follow AMI on LinkedIn and X/Twitter to receive the latest news and announcements.

AMI®, Aptio®, MegaRAC® and Tektagon™ are registered trademarks/trademarks of AMI in the US and/or elsewhere. Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Windows® is a registered trademark of Microsoft Corporation in the US and/or other countries. Ubuntu® is a registered trademark of Canonical Ltd in the US and/or other countries. All other trademarks and registered trademarks are the property of their respective owners.

The post AMI Joins NXP Semiconductors Partner Program to Bolster Support for Embedded Arm Solutions appeared first on AMI.

Thomas McCarthy

Product Marketing

• LinkedIn

In an effort to greatly reduce the threat of device tampering of compute devices that are in transit from manufacturing to their end-user application, AMI and Colorado State University have created a methodology to secure platform firmware in a Cerberus framework.  This process is being presented in a paper entitled, “The PIT-Cerberus Framework: Preventing Device Tampering During Transit” at the 24^th IEEE International Conference on Software Quality, Reliability and Security (QRS 2024).

IEEE QRS

The IEEE QRS Conference pulls scientists and engineers in industry and academia together into a single forum to present work related to the best and most efficient techniques for the development of reliable, secure, and trustworthy systems.  Program selection involves a detailed review by 3 committee members across a pool of 209 other papers.  AMI and Colorado State’s methodology for preventing device tampering during transit was one of 50 papers selected to be presented at the conference.

Protection in Transit (PIT)

In order to tamper with or modify device platform firmware in transit, a hacker would need to either write to the firmware’s storage location or physically replace the firmware code. This paper addresses writing to the firmware storage location, which necessitates the device being booted up to a minimal state where firmware memory I/O is enabled.  Therefore, securing platform firmware requires that the first boot of the BIOS/UEFI or BMC following shipping is exclusive to the authorized downstream user.

To achieve this, AMI and Colorado State propose a mechanism where the device manufacturer implements a BIOS or BMC lock post-production that can only be unlocked by a Hardware Root of Trust (HRoT) device during the BIOS/UEFI or BMC boot process.  Unlocking of the BIOS or BMC firmware would only occur after a successful authentication by the HRoT.

Extension of Project Cerberus

This methodology is an extension of the Project Cerberus, open-source initiative that establishes a hardware root of trust for servers.  Adopting the protection in transit (PIT) methodology greatly enhances Cerberus security; where today it focuses on attestation of platform firmware at boot and during runtime, Cerberus does not currently address user authentication.

Efforts by AMI and Colorado State University

In order to ensure the highest level of security for the PIT-Cerberus framework, AMI and Colorado State have leveraged strong data encryption techniques and have implemented the solution within a trusted HRoT microcontroller. These efforts put forth by AMI and Colorado State can be sampled through the PIT-Cerberus framework’s libraries, available on Project Cerberus today.

The presentation of “The PIT-Cerberus Framework:  Preventing Device Tampering During Transit” paper can be seen July 1^st through the 5^th at the IEEE QRS, Churchill College, University of Cambridge, UK. 

This paper will be available to read in the IEEE Xplore digital library upon approval.

The post AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security appeared first on AMI.