OCP Announces V1.0 of Security Requirements Documents, improving security and trust for future OCP servers with hardware root-of-trust

AUSTIN, Texas, Nov. 10, 2020 /PRNewswire/ -- The Open Compute Project Foundation (OCP) is excited to announce version 1.0 of the Root of Trust (RoT) specification. This model is based on the concept that every OCP device must first have a RoT responsible for verifying the device firmware at boot time, keeping it authentic & secure during updates, and recovering it when a corruption occurs.

OCP is also excited to announce that many member companies, including Kameleon Security, Nuvia Inc., Rambus, and ASPEED Technology, have announced their plans to support the OCP Security specifications.

"Root of Trust is foundational to establishing a trusted platform. This specification and the future attestation and boot specifications from the OCP Security Project will result in best-in-class platform security. In the future, anyone deploying OCP Accepted^tm products are assured they are deploying a secure & trusted system to run their business," states Bill Carter, CTO for the Open Compute Project. 

"ASPEED Technology supports the efforts of the OCP Security project and would take the recommendations into our BMC and Security Products. We're looking forward to making security a top priority by providing products that meet or exceed the OCP Security requirements," said Dwaka Partani, VP and General Manager at ASPEED Technology.

"Kameleon has been an active contributor to the Open Compute Security project from day one, and we're looking forward to raising the bar for data center security, and delivering security from the hardware up. This week, we're also happy to announce our collaboration with Xilinx to deliver our ProSPU, a proactive Security Processing Unit that will be an OCP-compliant RoT, and expand that into run-time server protection," said Yigal Edery, VP Products of Kameleon.

The OCP Security project has defined two RoT components. The Platform Active RoT (PA RoT) is the "main" root of trust for the platform. It is responsible for verifying the system firmware, and for verifying the integrity of the peripherals. The other one is the Active Component RoT (AC RoT), which resides on every peripheral, verifies the integrity of that specific peripheral, and should report back, in a process called attestation, to the platform to prove its integrity. The process for doing that is called peripheral attestation.

Please refer to the blog "OCP Security Announces version 1.0 specs for Root of Trust" authored by Yigal Edery, VP Products, Kameleon Security & Rajeev Sharma, Director of Software & Technologies at Open Compute Project, to get more information on the Root Of Trust speciation along with the release of the following specifications.

1. Secure Boot - covers the requirements needed in order to be able to verify firmware integrity during boot.
2. Peripheral Attestation - covers the requirements for having a unique identity for every device, and the ability to securely communicate device measurements from the AC RoT to the PA RoT.
3. Threats Scope - a document that explains the various threat vectors being defended against, and helps map each of them to relevant feature requirements in the specs.

OCP looks forward to the Community eco-system embracing these specifications and delivering secure servers & solutions to the market.

About OCP
The Open Compute Project Foundation (OCP) was initiated in 2011 with a mission to apply the benefits of open source and open collaboration to hardware and rapidly increase the pace of innovation in, near and around the data center's networking equipment, general purpose and GPU servers, storage devices and appliances, and scalable rack designs. OCP's collaboration model is being applied beyond the data center, helping to advance the telecom industry & EDGE infrastructure.  

Media Contact
Dirk Van Slyke
Open Compute Project Foundation
Vice President, Chief Marketing Officer
[email protected] 
Office: +1 281-667-4644
Mobile: +1 303-999-7398
(Central Time Zone/CST/Houston, TX)

SOURCE Open Compute Project Foundation