RESEARCH PAPER: Demystifying Server Root of Trust

By Matt Kimball, Patrick Moorhead - September 25, 2017
Secure data begins with secure infrastructure. Protecting infrastructure begins with not only making sure it will operate as expected but also with the confidence that all the necessary firmware needed to run the system remains secure.
Root of Trust (RoT) is ideally based on a hardware-validated boot process to ensure the system can only be started using code from an immutable source1. This involves an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When combining this foundation with a cryptographically secured signature, there are no easily accessible gaps for hackers to exploit. Similar to a proof by induction, the entire server state will stay well known, as long as that initial element tests the next element, and so on.
You can download the paper here.

Table of Contents:

  • Executive Summary
  • Securing The Datacenter Is More Complex Than Ever
  • Your Security Strategy Is Lacking
  • The Threats Are Not Always External
  • Root Kit Attacks Take Many Forms
  • Root Of Trust Simplified - It All Starts Here
  • UEFI Secure Boot
  • Trusted Platform Module
  • Intel Trusted Execution Technology (Intel TXT) & BootGuard
  • AMD Secure Root-Of-Trust Technology
  • HPE Silicon Root Of Trust
  • Root Of Trust Is The Foundational Building Block To A Secure Datacenter
  • Orchestration Closes Gaps
  • Trust The Experts
  • MI&S Perspective
  • Call To Action
  • Figure 1: Ring Architecture Shown
  • Figure 2: Trusted Boot Via UEFI
  • Figure 3: HPE Silicon Root Of Trust

Companies Cited:

  • AMD
  • HPE
  • Information Systems Audit and Control Association (ISACA)
  • Intel
  • Microsoft
  • Niara
  • Ponemon Institute
  • Sony
  • U.S. National Security Agency
 
Matthew Kimball
+ posts

Matt Kimball is a Moor Insights & Strategy senior datacenter analyst covering servers and storage. Matt’s 25 plus years of real-world experience in high tech spans from hardware to software as a product manager, product marketer, engineer and enterprise IT practitioner.  This experience has led to a firm conviction that the success of an offering lies, of course, in a profitable, unique and targeted offering, but most importantly in the ability to position and communicate it effectively to the target audience.

Patrick Moorhead
+ posts

Patrick founded the firm based on his real-world world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights)  in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.