Microsoft, a Platinum tiered member of Open Community Project has announced Project Olympus. This will accelerate open hardware designs, innovation & infrastructure.
Project Olympus is Microsoft’s next generation hyperscale cloud hardware design and a new model for open source hardware development. The hardware focuses on modularity, cost and power efficiency, and global datacenter interoperability. The Project Olympus contribution to OCP will consist the following:
With Project Olympus, Microsoft will bring more choice and flexibility to adopters, suppliers and innovators by showcasing modularity of this contribution. The “building blocks” that make up this contribution can allow for adopters and suppliers to independently piece together these blocks to meet specific datacenter configurations and design needs.
Microsoft’s Project Olympus is now 100 percent complete and open sourced via OCP contributions, according to the company.
Microsoft first introduced Project Olympus last year. And in that time, the server design wasn’t quite complete. The company instead decided to release the first version to allow the community to build innovations around the initial product.
But now, Project Olympus is entering a new phase. The biggest change is that Microsoft has introduced Project Cerberus, a new open source project for platform security to be collaboratively developed with the OCP community. This also means there will be new capabilities available to users.
Project Cerberus, provides a critical component for security protection that to date has been missing from server hardware – protection, detection and recovery from attacks on platform firmware. Project Cerberus envisions that data can be processed in the cloud with the confidence that it’s running on hardware with uncompromised firmware.
The project will strengthen cybersecurity thereby adding value to both Microsoft and the OCP community. Microsoft spends one billion dollars per year on cybersecurity, and much of that goes to making Azure the most trusted cloud platform. From strict physical datacenter security, working to ensure data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development integrity controls, Azure represents the cutting edge of cloud security and privacy.
Project Cerberus is a NIST 800-193 compliant hardware root of trust specifically designed to provide robust security for all platform firmware. It provides a hardware root of trust for firmware on the motherboard (UEFI BIOS, BMC, Options ROMs) as well as on peripheral I/O devices by enforcing strict access control and integrity verification from pre-boot and continuing to runtime. Specifically, Project Cerberus can help defend platform firmware from the following threats:
Project Cerberus consists of a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates. This enables robust pre-boot, boot-time and runtime integrity for all the firmware components in the system. The specification is CPU and I/O architecture agnostic and is intended to easily integrate into various vendor designs over time, thus enabling more secure firmware implementations on all platform types across the industry, ranging from datacenter to IoT devices. The specification also supports hierarchical root of trust so that platform security can be extended to all I/O peripherals using the same architectural principles. It is also learned that Microsoft is collaborating with Intel to bring improvements on hardware architectures. The implementation & usefulness of this could well be seen in mobile processing wherein Secure Processing Unit architecture has been introduced by several mobile processor OEMs.
References :-
Microsoft announces Cerebrus.
Understanding Secure Processing Unit
Project Olympus is Microsoft’s next generation hyperscale cloud hardware design and a new model for open source hardware development. The hardware focuses on modularity, cost and power efficiency, and global datacenter interoperability. The Project Olympus contribution to OCP will consist the following:
- a new Universal motherboard
- high availability power supply with included batteries
- 1U/2U server chassis
- high-density storage expansion
- a new Universal rack power distribution unit for global datacenter interoperability
- a standards compliant rack management card.
With Project Olympus, Microsoft will bring more choice and flexibility to adopters, suppliers and innovators by showcasing modularity of this contribution. The “building blocks” that make up this contribution can allow for adopters and suppliers to independently piece together these blocks to meet specific datacenter configurations and design needs.
Microsoft’s Project Olympus is now 100 percent complete and open sourced via OCP contributions, according to the company.
Microsoft first introduced Project Olympus last year. And in that time, the server design wasn’t quite complete. The company instead decided to release the first version to allow the community to build innovations around the initial product.
But now, Project Olympus is entering a new phase. The biggest change is that Microsoft has introduced Project Cerberus, a new open source project for platform security to be collaboratively developed with the OCP community. This also means there will be new capabilities available to users.
Project Cerebrus
Project Cerberus, provides a critical component for security protection that to date has been missing from server hardware – protection, detection and recovery from attacks on platform firmware. Project Cerberus envisions that data can be processed in the cloud with the confidence that it’s running on hardware with uncompromised firmware.
The project will strengthen cybersecurity thereby adding value to both Microsoft and the OCP community. Microsoft spends one billion dollars per year on cybersecurity, and much of that goes to making Azure the most trusted cloud platform. From strict physical datacenter security, working to ensure data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development integrity controls, Azure represents the cutting edge of cloud security and privacy.
Project Cerberus is a NIST 800-193 compliant hardware root of trust specifically designed to provide robust security for all platform firmware. It provides a hardware root of trust for firmware on the motherboard (UEFI BIOS, BMC, Options ROMs) as well as on peripheral I/O devices by enforcing strict access control and integrity verification from pre-boot and continuing to runtime. Specifically, Project Cerberus can help defend platform firmware from the following threats:
- Malicious insiders with administrative privilege or access to hardware
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor
- Supply chain attacks (manufacturing, assembly, in-transit)
- Compromised firmware binaries.
Project Cerberus consists of a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates. This enables robust pre-boot, boot-time and runtime integrity for all the firmware components in the system. The specification is CPU and I/O architecture agnostic and is intended to easily integrate into various vendor designs over time, thus enabling more secure firmware implementations on all platform types across the industry, ranging from datacenter to IoT devices. The specification also supports hierarchical root of trust so that platform security can be extended to all I/O peripherals using the same architectural principles. It is also learned that Microsoft is collaborating with Intel to bring improvements on hardware architectures. The implementation & usefulness of this could well be seen in mobile processing wherein Secure Processing Unit architecture has been introduced by several mobile processor OEMs.
References :-
Microsoft announces Cerebrus.
Understanding Secure Processing Unit
Comments
Post a Comment