The Open Compute Project is adding chip security to the range of data center technologies covered by its open source specifications, developed largely for and by hyperscale cloud platforms. Kameleon and Xilinx, which is in the process of being acquired by AMD, are among the first chip makers on board.
Last week, OCP released version 1.0 of the OCP Root of Trust specification. It’s an attempt to protect devices against firmware attacks, Amr Ahmed, managing director at EY Consulting Services at Ernst & Young, said.
“Since the release of flash memory, all vendor development to the firmware is done in flash,” he told DCK. “That made it more vulnerable… If firmware is sitting on flash, I can manipulate it.”
The new specification requires that the firmware be authenticated when devices boot up, when they’re updated, and when they recover, he said. “That is really an excellent concept.”