RESEARCH PAPER: Demystifying Server Root of Trust

Secure data begins with secure infrastructure. Protecting infrastructure means not only making sure a system operates as expected, but also having confidence that all of the firmware needed to run it remains secure.

Root of Trust (RoT) is ideally based on a hardware-validated boot process that ensures the system can only be started using code from an immutable source¹. This requires an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When this foundation is combined with a cryptographically secured signature, there are no easily accessible gaps for attackers to exploit. Much like a proof by induction, the entire server state remains well known as long as the immutable anchor verifies the first element, that element verifies the next, and so on up the chain.
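A minimal model of that inductive chain, added here as an example and not taken from the paper: each boot stage embeds the digest of the stage that follows it, an immutable root value pins the first stage, and verification stops at the first stage whose digest does not match. Digest pinning stands in for the signature verification a real hardware RoT performs; the stage names and contents are constructed.

```python
import hashlib
import hmac

# Constructed boot chain, ordered first stage to last (not from the paper).
STAGES = [("bootloader", b"boot v1"), ("kernel", b"kernel v1"), ("os", b"os v1")]


def image_digest(image: dict) -> str:
    """Digest over the stage's code plus the digest it expects for the next stage."""
    return hashlib.sha256(image["code"] + image["next"].encode()).hexdigest()


def build_images(stages):
    """Pack stages so each image carries the digest of its successor.

    Built from the last stage backwards, as a signing pipeline would, because
    a stage's digest depends on the digest it pins for the next one.
    Returns (images in boot order, digest of the first image). The returned
    digest plays the part of the value burned into immutable hardware.
    """
    images = []
    next_digest = ""  # the final stage pins nothing after it
    for name, code in reversed(stages):
        image = {"name": name, "code": code, "next": next_digest}
        next_digest = image_digest(image)
        images.append(image)
    images.reverse()
    return images, next_digest


def verify_chain(images, root_digest: str):
    """Inductive check: the hardware root pins image 0; image i pins image i+1.

    Returns (True, None) if every link holds, else (False, failing stage name).
    Modifying any stage changes its digest, so the previous link rejects it.
    """
    expected = root_digest
    for image in images:
        if not hmac.compare_digest(image_digest(image), expected):
            return False, image["name"]
        expected = image["next"]
    return True, None


if __name__ == "__main__":
    images, root = build_images(STAGES)
    print("clean boot:", verify_chain(images, root))
    images[1]["code"] = b"kernel v1 + unauthorised change"
    print("tampered kernel:", verify_chain(images, root))
```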

You can download the paper here.

Table of Contents:

  • Executive Summary
  • Securing The Datacenter Is More Complex Than Ever
  • Your Security Strategy Is Lacking
  • The Threats Are Not Always External
  • Root Kit Attacks Take Many Forms
  • Root Of Trust Simplified – It All Starts Here
  • UEFI Secure Boot
  • Trusted Platform Module
  • Intel Trusted Execution Technology (Intel TXT) & BootGuard
  • AMD Secure Root-Of-Trust Technology
  • HPE Silicon Root Of Trust
  • Root Of Trust Is The Foundational Building Block To A Secure Datacenter
  • Orchestration Closes Gaps
  • Trust The Experts
  • MI&S Perspective
  • Call To Action
  • Figure 1: Ring Architecture Shown
  • Figure 2: Trusted Boot Via UEFI
  • Figure 3: HPE Silicon Root Of Trust

Companies Cited:

  • AMD
  • HPE
  • Information Systems Audit and Control Association (ISACA)
  • Intel
  • Microsoft
  • Niara
  • Ponemon Institute
  • Sony
  • U.S. National Security Agency