Universal Platform Firmware Resiliency (PFR) – Servers

NIST SP 800 193 Standard Based Implementation: Robust Security in Hardware, Comprehensive Coverage

The National Institute of Standards and Technology (NIST) released the NIST SP 800 193 specification in 2018, which defines a uniform security mechanism known as Platform Firmware Resilience (PFR). PFR, using a hardware-based solution, is a new approach to securing enterprise server firmware that comprehensively prevents attacks on all firmware in a server.

PFR addresses the vulnerability of enterprise servers that contain multiple processing components, each having its own firmware. This firmware can be attacked by hackers who may surreptitiously install malicious code in a component’s flash memory that hides from standard system-level detection methods and leaves the system permanently compromised. The specification is based on three guiding principles:

  1. Protection – Lattice has demonstrated state machine-based algorithms that offer Nanosecond response time in detecting security breaches into the SPI memory. This prevents unauthorized access to modify any of the firmware in SPI memory. The solution is customizable through simple easy to use databases. Using secure communication with the PFR algorithm, the BMC will be able to authorize modifications to SPI memory to support in-system updates.
  2. Detection – Elliptic Curve Cryptography (ECC) based measurements made on the firmware stored in each of the SPI memory detects all unauthorized modifications to it. The detection method is independent of the existing firmware security approaches used in that design. Using the integrated board power management function, it is possible to detect any unauthorized modifications to firmware before the board is started up.
  3. Recovery – If a security breach is detected, Lattice’s implementation provides a customizable recovery mechanism. This mechanism can perform a simple rollback to a previous version of firmware, or a full blown recovery to the latest authorized version of the firmware. The Power Management and Control PLD algorithm can be customized to respond to the nature of the breach to implement the full trusted recovery process for any Board.

Implementation Features

  • Scalable – Protect, with nanosecond level response all firmware on the board. The solution can also protect other add-in sub systems through secure communication with the corresponding roots of trust
  • Non-By-passable – As this solution implements the full power sequencing for the server board along with the PFR implementation, it cannot be by passed
  • Self-Protecting – The PFR implementation uses a revolutionary Root-of-Trust FPGA as an anchor. This FPGA can dynamically control its attack surface and protects itself form external attacks
  • Self-Detecting – The Root-of-Trust FPGA can detect any security breach of its configurations by using a non-by-passable cryptographic hardware block.
  • Self-Recovery – The Root-of-Trust FPGA can switch over to the golden image automatically when it discovers a breach to its active configuration

Contact us to get details of the PFR implementation.

PFR Implementation Block Diagram

Video

Platform Firmware Resilience (PFR)Expand Image

Platform Firmware Resilience (PFR)

Learn how to implement PFR that meets the new NIST SP 800913 standard for in your server system using a Lattice Root of Trust FPGA solution.

Documentation

Information Resources
TITLE NUMBER VERSION DATE FORMAT SIZE
Securing Enterprise Server Firmware: A New Approach
WP0016 1.0 10/25/2018 PDF 828.8 KB


Like most websites, we use cookies and similar technologies to enhance your user experience. We also allow third parties to place cookies on our website. By continuing to use this website you consent to the use of cookies as described in our Cookie Policy.
博狗真人首页 定安县| 姜堰市| 广德县| 麻江县| 清镇市| 青浦区| 长宁区| 桂林市| 镇平县| 山东省| 永平县| 凤冈县| 离岛区| 康保县| 河津市| 宁安市| 北海市| 南丹县| 时尚| 兴山县| 嘉义市| 横山县| 南靖县| 秭归县| 太仓市| 措美县| 民权县| 西宁市| 朝阳市| 思茅市| 海原县| 民乐县| 祁东县| 南充市| 奉化市| 哈尔滨市| 乐山市| 始兴县| 绿春县| 彩票| 拉萨市| 新泰市| 正蓝旗| 西乌| 开平市| 贵南县| 新平| 洛宁县| 历史| 九江市| 巴彦县| 樟树市| 宜都市| 潍坊市| 塔河县| 丘北县| 青州市| 青冈县| 宁河县| 长垣县| 石狮市| 黄浦区| 泗洪县| 静乐县| 虞城县| 宝鸡市| 将乐县| 电白县| 武定县| 伊金霍洛旗| 保靖县| 游戏| 齐河县| 镇宁| 青冈县| 博乐市| 龙井市| 治县。| 阿勒泰市| 南丰县| 三穗县| 临泉县| 舒兰市| 林甸县| 威宁| 泗洪县| 宜春市| 微山县| 广饶县| 民勤县| 肇庆市| 汶川县| 吴忠市| 安龙县| 玉环县| 柯坪县| 梨树县| 鄂托克旗| 措勤县| 海门市| 五大连池市| 林西县| 梨树县| 南召县| 原阳县| 凤冈县| 金湖县| 常熟市| 马山县| 唐海县| 麻江县| 霍林郭勒市| 滁州市| 阳春市| 阳信县| 方城县| 工布江达县| 丰原市| 宝清县| 滨海县| 时尚| 花莲县| 石阡县| 新闻| 五原县| 巢湖市| 遂宁市| 昌邑市| 鄂尔多斯市| 徐闻县| 夹江县| 太仆寺旗| 舒城县| 平度市| 肃北| 肥东县| 灌云县|