Server Silicon Root of Trust
Software-defined security builds on virtual network functions abstracted from the hardware layer to supply capabilities such as micro-segmentation, which adds new layers of security and control. While much of the security infrastructure can be virtualized, the platform it runs on cannot be, so a requirement for hardware-anchored trust evolved from the Trusted Computing Group (TCG), whose Trusted Platform Module (TPM) specification is also published as ISO/IEC 11889, and continues with the Google-initiated OpenTitan open-source silicon root of trust project.
How it Works
A silicon Root of Trust (RoT) can be integrated into data center servers, storage devices, peripherals and other hardware. It is not encryption as such: it is an immutable anchor in the silicon (typically a boot ROM together with a vendor public-key hash burned into one-time-programmable fuses) that checks that driver and firmware code is authentic and unmodified before it is allowed to run. A root of trust based in hardware is the security foundation for a system on a chip (SoC) or other semiconductor device or electronic system. It holds the keys, or the hashes of the keys, used by its cryptographic functions and is usually the first link in a server's secure boot process, providing the anchor for the software chain of trust that protects firmware, drivers and OS operation: each stage verifies the signature on the next stage before handing over control, and a verification failure halts boot or falls back to a known-good recovery image rather than executing the suspect code.
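The chain of trust described above, written out as an added example in Go (this is illustrative code, not firmware from any product or vendor on this page). The fused key hash, the stage names, the stage "code" bytes and the keys are all constructed here for the example; a real system would hold the private keys in an HSM and the fused hash in OTP memory. Each image carries the public key that signed it plus the hash of the key that is allowed to sign the next stage, so the silicon only needs to store one 32-byte hash.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Image is one firmware stage as laid out in flash: the code, the hash of the
// key that may sign the *next* stage, the key that signed this stage, and the
// signature over the first three fields.
type Image struct {
	Name        string
	Code        []byte
	NextKeyHash [32]byte
	PubKey      ed25519.PublicKey
	Sig         []byte
}

// RootOfTrust models the immutable silicon: a key hash burned into OTP fuses
// and a measurement log recording the hash of every stage it released.
type RootOfTrust struct {
	FusedKeyHash [32]byte
	Measurements [][32]byte
}

// tbs returns the to-be-signed bytes, length-prefixed so that a byte moved
// from Name into Code (or vice versa) cannot produce the same message.
func tbs(img Image) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, uint32(len(img.Name)))
	b.WriteString(img.Name)
	binary.Write(&b, binary.BigEndian, uint32(len(img.Code)))
	b.Write(img.Code)
	b.Write(img.NextKeyHash[:])
	return b.Bytes()
}

// SignImage is what a vendor's build system does offline with its private key.
func SignImage(name string, code []byte, next [32]byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) Image {
	img := Image{Name: name, Code: code, NextKeyHash: next, PubKey: pub}
	img.Sig = ed25519.Sign(priv, tbs(img))
	return img
}

// VerifyChain walks the stages in boot order. A stage is released only if its
// embedded key hashes to the value trusted by the previous stage (the fuses
// for stage 0) and its signature verifies under that key. The trusted hash for
// the following stage is then taken from the just-verified image, so trust is
// extended one hop at a time and the first failure stops the boot.
func VerifyChain(rot *RootOfTrust, stages []Image) error {
	trusted := rot.FusedKeyHash
	for i, img := range stages {
		if sha256.Sum256(img.PubKey) != trusted {
			return fmt.Errorf("stage %d (%s): signing key not anchored by previous stage", i, img.Name)
		}
		if len(img.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(img.PubKey, tbs(img), img.Sig) {
			return fmt.Errorf("stage %d (%s): signature invalid, refusing to execute", i, img.Name)
		}
		rot.Measurements = append(rot.Measurements, sha256.Sum256(img.Code))
		trusted = img.NextKeyHash
	}
	return nil
}

// BuildDemoChain constructs a three-stage chain with freshly generated OEM and
// OS-vendor keys. Keys, names and code bytes are made up for this example.
func BuildDemoChain() (*RootOfTrust, []Image, error) {
	oemPub, oemPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	osPub, osPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	oemHash, osHash := sha256.Sum256(oemPub), sha256.Sum256(osPub)
	var none [32]byte // the last stage anchors nothing further
	chain := []Image{
		SignImage("bmc-firmware", []byte("stage0 code"), oemHash, oemPub, oemPriv),
		SignImage("uefi-bios", []byte("stage1 code"), osHash, oemPub, oemPriv),
		SignImage("os-bootloader", []byte("stage2 code"), none, osPub, osPriv),
	}
	return &RootOfTrust{FusedKeyHash: oemHash}, chain, nil
}

// Forge re-signs an image with a fresh attacker key, as a supply-chain
// attacker who can write flash but holds no vendor key would have to.
func Forge(img Image) (Image, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Image{}, err
	}
	return SignImage(img.Name, img.Code, img.NextKeyHash, pub, priv), nil
}

func main() {
	rot, chain, err := BuildDemoChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine chain:", VerifyChain(rot, chain))

	// A patched BIOS image: the signature no longer matches.
	tampered := append([]Image(nil), chain...)
	tampered[1].Code = append([]byte("evil "), chain[1].Code...)
	fmt.Println("patched BIOS:", VerifyChain(&RootOfTrust{FusedKeyHash: rot.FusedKeyHash}, tampered))

	// The same BIOS re-signed by the attacker: the key is not anchored.
	tampered[1], _ = Forge(tampered[1])
	fmt.Println("re-signed BIOS:", VerifyChain(&RootOfTrust{FusedKeyHash: rot.FusedKeyHash}, tampered))
}
```

The two failure cases in main are the ones the "anchor point" argument below is about: flash that an attacker can rewrite is harmless as long as nothing executes from it before the signature is checked against a key that traces back to the fuses, and a foreign key is rejected before its signature is even examined.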
WHY YOU NEED A SERVER SILICON ROOT OF TRUST
Silicon Root of Trust was initially requested by Federal and SLED (state, local and education) agencies in their requests for proposals for servers and other IT products, which required manufacturers to implement the functionality properly and have it certified by authorized agencies. Financial services, retail, healthcare and other verticals also value it and are beginning to require it. It can be difficult to achieve because many manufacturers buy off-the-shelf components sourced outside the United States that ship with their own firmware, written to the component without any anchor point against which it can be verified; the product as a whole is then only as trustworthy as its least-verified component, and more exposed to firmware implants and similar exploits.
BENEFITS OF SERVER SILICON ROOT OF TRUST
Protection from malware and critical vulnerability exploits
Preventing compromises in the component supply chain
Hardware-based security for validation of firmware and drivers
Levels of control over boot, and recovery if a stage is compromised
Lower cost to IT and the business from compromises