Consistency and transparency in cloud hardware security

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.

When it comes to building the Microsoft Cloud, standardising designs for systems, boards, racks, and other components of our datacenter infrastructure is critical to enabling forward progress and innovation across the computing industry. Microsoft has contributed to and collaborated with various members of the Open Compute Project (OCP) community, the industry’s leading group dedicated to open source hardware innovation. This year, we are excited to present some of our most recent projects at the OCP Global Summit and share our lessons learned in the pursuit of a more reliable, trustworthy, and sustainable cloud. Driving industrywide standards for platform security is one of the key areas where we’ve seen continued focus and opportunity. To delve deeper into our contributions in this area, I’ve invited Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure, to share more about Microsoft’s newest security contributions to OCP that standardise the foundations of trust, integrity, and reliability in computing.

Customer workload security from the cloud to the edge

Microsoft Azure is a leader in cloud security and privacy, providing a wide range of confidential computing services to assist organisations in running workloads that keep business and customer data private and secure. As the demand for secure computing expands from the cloud to the edge, so do the demands for consistency and transparency in the security mechanisms that protect workloads. With the rise of edge computing comes a larger exposed attack surface, which calls for more robust physical security solutions. In this context, there is also a greater need for transparency in the infrastructure that supports these technologies and upholds its hardware security promises.

Caliptra: Embedding trust in every chip

We are announcing Caliptra, an open source root of trust (RoT) that generates cryptographic proofs about the hardware protections in place for confidential workloads, at the Open Compute Project (OCP) Summit. Caliptra is a forward-thinking approach to hardware security that was developed in collaboration with security experts and industry leaders in confidential computing from AMD, Google, Microsoft, and NVIDIA. Caliptra provides trustworthy and easily verifiable attestation as a reusable open source, silicon-level block for integration into systems on a chip (SoCs) such as CPUs, GPUs, and accelerators.

Caliptra’s core security properties are what underpin the integrity of higher-level security protection for confidential workloads. The Caliptra RoT possesses the following critical security features:

  • Identity: The cryptographic identity of a single device manufacturer for attestation endorsement. The identity is consistent with TCG DICE and includes intrinsic Caliptra firmware attestation.
  • Compartmentalization: Hardware protection barriers that isolate Caliptra’s security assets.
  • Measurement: Cryptographic digests that represent the SoC security configuration in a concise, cryptographically verifiable manner.
  • Renewable security: The hardware’s security state can be brought forward to a secure state, and life cycle management extends through manufacturing, field operations, the circular economy, and eventually end of life.
  • Ownership: Verifies the authenticity and integrity of all mutable firmware loaded into a SoC. To ensure that integrity policies are followed, this property employs hardware-enforced digital signatures.
  • Attestation: Caliptra’s cryptographic identity is used to validate measurement claims. These measurements provide precise information about the trusted computing base’s security state.
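The identity, measurement and attestation properties above, worked through as an added example (not Caliptra's own code): a DICE-style identity derived from a constructed device secret and the RoT firmware digest, a chained SHA-384 measurement of the SoC firmware, and a verifier that holds only the manufacturer-endorsed identity and the expected measurement. HMAC stands in for the asymmetric signature a real RoT would use so that the example runs with the Python standard library; every secret, image and digest is constructed.

```python
import hashlib
import hmac

# Constructed sample values: a device secret (never leaves real silicon), the RoT's own
# firmware image, and the mutable SoC firmware images the RoT measures after it boots.
UDS = b"constructed-unique-device-secret"
GOOD_ROT_FW = b"constructed-rot-firmware-v1"
GOOD_SOC_IMAGES = {"soc_fw": b"constructed-soc-fw-v3", "gpu_fw": b"constructed-gpu-fw-v7"}

def sha384(data):
    return hashlib.sha384(data).digest()

def derive_identity(uds, rot_fw):
    """DICE-style derivation: the identity key is bound to the RoT firmware that ran."""
    return hmac.new(uds, sha384(rot_fw), hashlib.sha384).digest()

def measure(images):
    """Fold each image digest into one chained SHA-384 measurement (extend-style)."""
    state = b"\x00" * 48
    for name in sorted(images):
        state = sha384(state + sha384(images[name]))
    return state

def attest(uds, rot_fw, images, nonce, claimed=None):
    """RoT side: report a measurement and authenticate it with the derived identity.
    `claimed` lets a test model a compromised RoT that lies about what it measured."""
    identity = derive_identity(uds, rot_fw)
    report = (claimed if claimed is not None else measure(images)) + nonce
    return report, hmac.new(identity, report, hashlib.sha384).digest()

# Verifier's view: the manufacturer endorsed the identity of the known-good RoT firmware,
# and fleet policy records the expected measurement of the known-good SoC images.
ENDORSED_IDENTITY = derive_identity(UDS, GOOD_ROT_FW)
EXPECTED_MEASUREMENT = measure(GOOD_SOC_IMAGES)

def verify(report, tag, nonce):
    """Verifier side: check freshness, then identity binding, then the measurement claim."""
    if report[48:] != nonce:
        return "nonce mismatch"
    expected_tag = hmac.new(ENDORSED_IDENTITY, report, hashlib.sha384).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return "identity mismatch"   # different RoT firmware derives a different key
    if report[:48] != EXPECTED_MEASUREMENT:
        return "measurement mismatch"
    return "ok"
```

A compromised RoT cannot simply claim the known-good measurement: its changed firmware yields a different identity key, so the report no longer verifies against the endorsed identity.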

The initial Caliptra 0.5 contribution release to OCP includes a set of specifications that cover architecture, integration, and implementation. Along with the cloud-designed firmware written entirely in Rust, an open-source register-transfer level (RTL) implementation of Caliptra that can be synthesised into current SoC designs will be made available. With this trusted foundation designed for confidential cloud devices, Caliptra supports the consistent scaling of confidential workloads across distributed systems.

We look forward to continuing to work closely with our partners and engaging the industry to advance Caliptra, with deep ecosystem collaboration at the heart of Microsoft’s open source philosophy. The CHIPS Alliance will oversee collaboration on the Caliptra RTL and firmware projects.

Hydra: a new secure Baseboard Management Controller (BMC)

In collaboration with Nuvoton, we are also introducing Hydra, a new secure BMC. Every server system and expansion chassis, such as a JBOD or GPU enclosure, typically includes a BMC. As a diagnostic and recovery controller, the BMC has privileged hardware interfaces for acquiring debug data and telemetry from CPUs. These interfaces raise security concerns because they are targets for attacks that circumvent traditional security defences.

Azure uses Cerberus, a hardware security contribution we made to OCP in 2017, to improve BMC security by enforcing firmware integrity and preventing malware persistence in the BMC. However, as threat models evolve to limit admins’ physical access to hardware, the BMC requires additional security properties in order to establish secure links to an external RoT.

Microsoft and Nuvoton collaborated to create a new security-focused BMC with enhanced hardware security throughout the BMC SoC. TCG DICE identity flows are supported by the silicon-integrated root of trust, which includes hardware engines for fast cryptographic operations and hardware-managed keys. The RoT includes a one-way bridge for monitoring activity and controlling the BMC security configuration, including which internal security peripherals the BMC can access. This unique feature enables fine-grained BMC interface authorization, allowing scenarios in which the BMC can be granted temporary access to a debug interface only after attesting its trustworthiness.
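The attestation-gated debug access described above, as an added toy model rather than Hydra's implementation: the RoT side of the bridge measures the BMC firmware image (assumed to be readable by the RoT), compares it against a constructed allowlist, and issues time-limited leases per debug interface that are revoked as soon as the measured firmware no longer matches. The interface names and TTL are constructed.

```python
import hashlib

# Constructed allowlist: digests of the BMC firmware builds the RoT trusts for debug access.
TRUSTED_BMC_FW = {hashlib.sha384(b"constructed-bmc-fw-v2").hexdigest()}
# Constructed set of privileged interfaces the bridge can expose to the BMC.
DEBUG_INTERFACES = {"cpu_jtag", "pcie_sideband", "host_uart"}

class RotBridge:
    """One-way bridge: the RoT measures the BMC and gates which debug interfaces it reaches."""
    def __init__(self, trusted_digests, ttl_seconds):
        self.trusted, self.ttl, self.leases = trusted_digests, ttl_seconds, {}

    def measure_bmc(self, bmc_fw_image):
        return hashlib.sha384(bmc_fw_image).hexdigest()

    def request_access(self, bmc_fw_image, interface, now):
        """Grant a time-limited lease only if the running BMC firmware is trusted."""
        if interface not in DEBUG_INTERFACES:
            return "unknown interface"
        if self.measure_bmc(bmc_fw_image) not in self.trusted:
            self.leases.pop(interface, None)   # an untrusted BMC also loses any earlier lease
            return "attestation failed"
        self.leases[interface] = now + self.ttl
        return "granted"

    def allowed(self, bmc_fw_image, interface, now):
        """Checked by the RoT on every transaction the BMC attempts on the interface."""
        expiry = self.leases.get(interface)
        if expiry is None or now >= expiry:
            self.leases.pop(interface, None)   # no lease, or the lease has expired
            return False
        # re-measure: a BMC whose firmware changed mid-lease is cut off immediately
        return self.measure_bmc(bmc_fw_image) in self.trusted
```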

Kirkland: a secure Trusted Platform Module (TPM)

While Microsoft provides multilayered security across our datacenters, infrastructure, and operations, we believe in defense-in-depth and that all interconnects should be cryptographically secured against interposer-based attack vectors. We are announcing Project Kirkland at OCP in collaboration with Google, Infineon, and Intel. Project Kirkland demonstrates how the interconnect between the TPM and CPU can be secured against substitution attacks, interposing, and eavesdropping by using firmware-only updates to the TPM stack and CPU RoT. We are open sourcing this methodology and intend to work with the Trusted Computing Group to standardise it, as well as with other TPM manufacturers to adopt the same methodology, so that these techniques are available to all.

A discrete TPM is a chip that is typically used to protect secrets for software running on the CPU; those secrets are released only conditionally, based on boot measurements from the CPU. Historically, the bus between the CPU and the TPM has been vulnerable to physical attackers attempting to falsify attested measurements or obtain TPM-bound secrets. Project Kirkland’s standards-based firmware techniques defend against such attacks by using cryptography to authenticate the caller and protect the transmission of secrets over the bus.
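What securing the CPU-to-TPM bus looks like, as an added example that is not Project Kirkland's published method: a toy TPM and CPU RoT share a session key (assumed to have been established out of band, as a salted session would), authenticate every command and response with an HMAC bound to both sides' nonces, and move an unsealed secret across the bus only under a KDF-derived XOR keystream. The `bus` hook lets a test stand in for an interposer; all keys, digests and secrets are constructed.

```python
import hashlib, hmac, os

def kdf(key, label, nonce_a, nonce_b, length):
    """Simplified KDFa: counter-mode HMAC-SHA256 producing an XOR keystream."""
    out, i = b"", 1
    while len(out) < length:
        out += hmac.new(key, i.to_bytes(4, "big") + label + nonce_a + nonce_b, hashlib.sha256).digest()
        i += 1
    return out[:length]

def mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def xor(data, keystream):
    return bytes(a ^ b for a, b in zip(data, keystream))

class Tpm:
    """Toy discrete TPM: one PCR and one secret sealed to an expected PCR value."""
    def __init__(self, session_key, sealed_pcr, secret):
        self.key, self.sealed_pcr, self.secret = session_key, sealed_pcr, secret
        self.pcr = b"\x00" * 32

    def handle(self, op, params, nonce_caller, auth):
        nonce_tpm, body = os.urandom(16), b""
        if not hmac.compare_digest(auth, mac(self.key, op, params, nonce_caller)):
            rc = b"AUTH_FAIL"   # unauthenticated or altered command: not executed
        elif op == b"extend":
            self.pcr, rc = hashlib.sha256(self.pcr + params).digest(), b"OK"
        elif op == b"unseal" and self.pcr == self.sealed_pcr:
            # the secret crosses the bus only under the session keystream, never in clear
            body = xor(self.secret, kdf(self.key, b"XOR", nonce_tpm, nonce_caller, len(self.secret)))
            rc = b"OK"
        else:
            rc = b"POLICY_FAIL"
        return rc, body, nonce_tpm, mac(self.key, rc, body, nonce_tpm, nonce_caller)

class CpuRot:
    """CPU-side RoT; `bus` wraps each command so a test can model an interposer."""
    def __init__(self, session_key, tpm, bus=lambda m: m):
        self.key, self.tpm, self.bus = session_key, tpm, bus

    def call(self, op, params):
        nonce_caller = os.urandom(16)
        msg = self.bus((op, params, nonce_caller, mac(self.key, op, params, nonce_caller)))
        rc, body, nonce_tpm, rmac = self.tpm.handle(*msg)
        if not hmac.compare_digest(rmac, mac(self.key, rc, body, nonce_tpm, nonce_caller)):
            return b"RESP_TAMPERED", b""   # substituted or modified response
        if op == b"unseal" and rc == b"OK":
            body = xor(body, kdf(self.key, b"XOR", nonce_tpm, nonce_caller, len(body)))
        return rc, body
```

A device on the bus that rewrites the measurement being extended breaks the command HMAC, and one that merely listens sees only the keystream-masked secret.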

Cloud-scale open hardware innovation

A community-driven approach to infrastructure innovation is critical—not only for continued advancements in trust, efficiency, and scalability, but also for a larger vision of empowering the ecosystem to build for tomorrow’s computing needs.

We’re also bringing a new modular chassis (Mt. Shasta), a converged architecture that combines form factor, power, and management interface into a modular design—optimized for advanced workloads like high-performance computing, artificial intelligence, and video codecs. Mt. Shasta is designed in collaboration with Quanta and Molex to be fully compatible with Open Rack V3, with the ability to change module-to-module connectivity. We also worked with Intel earlier this year to contribute the Scalable I/O Virtualization (SIOV) specification to OCP. SIOV enables device and platform manufacturers to create an industry standard for hyperscale virtualization of PCI Express and Compute Express Link devices in cloud servers, allowing for more scalable, efficient, and cost-effective datacenter hardware designs.

As demand for cloud-scale computing and digital services grows, Microsoft is committing to deep ecosystem collaboration with OCP and industry partners to deliver systems and infrastructure that maximise cloud customers’ performance, trust, and resiliency.
