Science

Microsoft introduces new secure firmware spec via the Open Compute Project

The Project Olympus specification is now complete and being used in product designs by hardware vendors, Microsoft announced today.

The design was shepherded as an "open source" hardware project under the auspices of the Open Compute Project (OCP), an industry coalition dedicated to fostering open datacenter technologies. Previous open source data center hardware efforts consisted of companies like Facebook and Microsoft open sourcing complete custom hardware specs, not actually having hardware designed the way a lot of open source software gets created.

According to Microsoft in 2016, "the hardware (of Project Olympus) focuses on modularity, cost and power efficiency, and global data centre interoperability". Cavium processors and solutions are supported by an extensive ecosystem of operating systems, tools, application stacks, hardware reference designs and other products.

Kushagra Vaid, general manager of Azure hardware infrastructure at Microsoft, said Project Cerberus "provides a critical component for security protection that to date has been missing from server hardware-protection, detection and recovery from attacks on platform firmware", in a November 8 announcement. Microsoft is already using it for Azure deployments.

Project Olympus hardware is now deployed in volume production with the Fv2 virtual machine (VM) family.

The Project Cerberus specifications are still being drafted, so it's not clear when it will be available, although Vaid notes that Microsoft plans to open source the specs once they are complete. Additionally, Redmond announced that commercial offerings based on the Olympus designs are now offered through Wiwynn and ZT Systems, with more providers on the way.

Microsoft unveiled its latest open hardware project called Project Cerberus, which is aimed at helping organizations harden their cloud environments against cyber-attacks, at the Zettastructure conference in London.

Microsoft meanwhile has also turned its attention to platform security with "Project Cerberus".

We're also entering the next phase of Project Olympus with the introduction of Project Cerberus - a new open sourced industry standard for platform security which will be collaboratively developed with the OCP community in a manner similar to the hardware design. If an attacker, whether it's someone from inside the business or someone hacking in from the outside, can access and then take control of the firmware of a server, they can then burrow deep into the data center itself, gaining access to nearly any data within the cloud infrastructure.

Cerberus therefore "provides a hardware root of trust for firmware on the motherboard (UEFI BIOS, BMC, Options ROMs) as well as on peripheral I/O devices by enforcing strict access control and integrity verification from pre-boot and continuing to runtime".

The software giant said the new chip and associated hardware will be able to protect firmware from some of the most risky threats around, including "malicious insiders", who are often employees that have administrative privileges or access to hardware, and hackers and malware that exploit bugs in operating systems, applications and hypervisors.

"Just as with the Project Olympus open source model, we anticipate that contributing Project Cerberus specifications will enable robust participation from the OCP ecosystem for community development amongst industry participants, and this open collaboration will lead to a more secure model for platform security which will benefit the industry", concluded Vaid.



Like this

loading...
loading...

Latest


09 November 2017
April the giraffe may be pregnant AGAIN — GMA reveal
The owner of Animal Adventure Park in NY said on Good Morning America that he "can't confirm nor deny" the possibility of April being pregnant again.

09 November 2017
Golf R Performance Pack in the UK!
The Performance Pack upgrade for the Golf R costs £2,300 and is available only on cars fitted with the DSG gearbox. Specified as such, the R's price climbs from £33,995 as standard to just over £39,000.

09 November 2017
The Golar LNG Ltd. (GLNG) Receives Buy Rating from Seaport Global Securities
Ltd. now owns 72,183 shares of the company's stock worth $1,178,000 after buying an additional 16,534 shares in the last quarter. Anchor Bolt Capital Lp decreased General Dynamics Corp (NYSE:GD) stake by 53,993 shares to 107,286 valued at $21.25M in 2017Q2.

09 November 2017
Baby orangutan at Busch Gardens
Busch Gardens Tampa Bay is welcoming its newest, three-pound addition to the park with an upcoming Facebook contest. It's expected to make its public debut soon in the Jungala area of the park.

09 November 2017
2 dead, 10 injured in Brooklyn apartment fire
Fire crews are battling flames at a three-story building located at 6709 11th Avenue near 67th Street in Dyker Heights. The Fire Marshal and NYPD Arson and Explosion Square are working to determine the cause of the fire.

09 November 2017
Scan For Analyst Views: Corning Incorporated (GLW), Bristol-Myers Squibb Company (BMY)
Staley Capital Advisers Inc. lifted its holdings in shares of Bristol-Myers Squibb by 0.3% during the first quarter. Acropolis Investment Management LLC boosted its stake in Bristol-Myers Squibb by 21.3% in the third quarter.

09 November 2017
Tactile Systems Technology, Inc. (NASDAQ:TCMD) To Release Earnings
Their average price target spell out an upbeat performance - a 53% and would give TCMD a market capitalization of almost $650.14M. The company reported $0.07 earnings per share for the quarter, beating the Thomson Reuters' consensus estimate of $0.05 by $0.02.

09 November 2017
Trending Stock Analysis: Flotek Industries Inc. (FTK)
During current year the company's forecasts over growth are -41.2% while for the next year analysts' growth estimation is 580%. Year to date (YTD) refers to the period beginning the first day of the current calendar or fiscal year up to the current date.

09 November 2017
HPCL Q2 net profit up by 147 pc to Rs 1735 cr
The refineries at Mumbai and Visakh processed 4.64 MT of crude during July to September this year, compared to 4.05 MT last year. Profit before tax of the company came in at Rs 2,588.20 crore in Q2FY18 over Rs 1,075.45 crore in Q2FY17.

09 November 2017
Corium International Inc (CORI)'s Stock Formed A Several Months Double Top
EAM Investors LLC bought a new stake in Corium International during the 2nd quarter worth approximately $563,000. Jefferies Group LLC's price objective points to a potential downside of 1.57% from the company's previous close.