Universal Platform Firmware Resiliency (PFR) – Servers

NIST SP 800 193 Standard Based Implementation: Robust Security in Hardware, Comprehensive Coverage

The National Institute of Standards and Technology (NIST) released the NIST SP 800 193 specification in 2018, which defines a uniform security mechanism known as Platform Firmware Resilience (PFR). PFR, using a hardware-based solution, is a new approach to securing enterprise server firmware that comprehensively prevents attacks on all firmware in a server.

PFR addresses the vulnerability of enterprise servers that contain multiple processing components, each having its own firmware. This firmware can be attacked by hackers who may surreptitiously install malicious code in a component’s flash memory that hides from standard system-level detection methods and leaves the system permanently compromised. The specification is based on three guiding principles:

  1. Protection – Lattice has demonstrated state machine-based algorithms that offer Nanosecond response time in detecting security breaches into the SPI memory. This prevents unauthorized access to modify any of the firmware in SPI memory. The solution is customizable through simple easy to use databases. Using secure communication with the PFR algorithm, the BMC will be able to authorize modifications to SPI memory to support in-system updates.
  2. Detection – Elliptic Curve Cryptography (ECC) based measurements made on the firmware stored in each of the SPI memory detects all unauthorized modifications to it. The detection method is independent of the existing firmware security approaches used in that design. Using the integrated board power management function, it is possible to detect any unauthorized modifications to firmware before the board is started up.
  3. Recovery – If a security breach is detected, Lattice’s implementation provides a customizable recovery mechanism. This mechanism can perform a simple rollback to a previous version of firmware, or a full blown recovery to the latest authorized version of the firmware. The Power Management and Control PLD algorithm can be customized to respond to the nature of the breach to implement the full trusted recovery process for any Board.

Implementation Features

  • Scalable – Protect, with nanosecond level response all firmware on the board. The solution can also protect other add-in sub systems through secure communication with the corresponding roots of trust
  • Non-By-passable – As this solution implements the full power sequencing for the server board along with the PFR implementation, it cannot be by passed
  • Self-Protecting – The PFR implementation uses a revolutionary Root-of-Trust FPGA as an anchor. This FPGA can dynamically control its attack surface and protects itself form external attacks
  • Self-Detecting – The Root-of-Trust FPGA can detect any security breach of its configurations by using a non-by-passable cryptographic hardware block.
  • Self-Recovery – The Root-of-Trust FPGA can switch over to the golden image automatically when it discovers a breach to its active configuration

Contact us to get details of the PFR implementation.

PFR Implementation Block Diagram

Video

Platform Firmware Resilience (PFR)Expand Image

Platform Firmware Resilience (PFR)

Learn how to implement PFR that meets the new NIST SP 800913 standard for in your server system using a Lattice Root of Trust FPGA solution.

Documentation

Information Resources
TITLE NUMBER VERSION DATE FORMAT SIZE
Securing Enterprise Server Firmware: A New Approach
WP0016 1.0 10/25/2018 PDF 828.8 KB


Like most websites, we use cookies and similar technologies to enhance your user experience. We also allow third parties to place cookies on our website. By continuing to use this website you consent to the use of cookies as described in our Cookie Policy.
辽宁彩票35选7 无人机概念股 日本av女快播伦理电影 老人麻将连连看下载 河北时时彩 上海麻将胡牌公式 打三人麻将技巧 下载四川麻将开挂辅助器 水果大爆发 推荐几个漂亮的av女优 真人版美女麻将游戏 澳洲幸运5注册 东京热k系 证券公司给私募基金配资 黑龙江十一选五开奖 日本女优若槻千夏写真 正虹科技10倍股