Universal Platform Firmware Resiliency (PFR) – Servers

NIST SP 800 193 Standard Based Implementation: Robust Security in Hardware, Comprehensive Coverage

The National Institute of Standards and Technology (NIST) released the NIST SP 800 193 specification in 2018, which defines a uniform security mechanism known as Platform Firmware Resilience (PFR). PFR, using a hardware-based solution, is a new approach to securing enterprise server firmware that comprehensively prevents attacks on all firmware in a server.

PFR addresses the vulnerability of enterprise servers that contain multiple processing components, each having its own firmware. This firmware can be attacked by hackers who may surreptitiously install malicious code in a component’s flash memory that hides from standard system-level detection methods and leaves the system permanently compromised. The specification is based on three guiding principles:

  1. Protection – Lattice has demonstrated state machine-based algorithms that offer Nanosecond response time in detecting security breaches into the SPI memory. This prevents unauthorized access to modify any of the firmware in SPI memory. The solution is customizable through simple easy to use databases. Using secure communication with the PFR algorithm, the BMC will be able to authorize modifications to SPI memory to support in-system updates.
  2. Detection – Elliptic Curve Cryptography (ECC) based measurements made on the firmware stored in each of the SPI memory detects all unauthorized modifications to it. The detection method is independent of the existing firmware security approaches used in that design. Using the integrated board power management function, it is possible to detect any unauthorized modifications to firmware before the board is started up.
  3. Recovery – If a security breach is detected, Lattice’s implementation provides a customizable recovery mechanism. This mechanism can perform a simple rollback to a previous version of firmware, or a full blown recovery to the latest authorized version of the firmware. The Power Management and Control PLD algorithm can be customized to respond to the nature of the breach to implement the full trusted recovery process for any Board.

Implementation Features

  • Scalable – Protect, with nanosecond level response all firmware on the board. The solution can also protect other add-in sub systems through secure communication with the corresponding roots of trust
  • Non-By-passable – As this solution implements the full power sequencing for the server board along with the PFR implementation, it cannot be by passed
  • Self-Protecting – The PFR implementation uses a revolutionary Root-of-Trust FPGA as an anchor. This FPGA can dynamically control its attack surface and protects itself form external attacks
  • Self-Detecting – The Root-of-Trust FPGA can detect any security breach of its configurations by using a non-by-passable cryptographic hardware block.
  • Self-Recovery – The Root-of-Trust FPGA can switch over to the golden image automatically when it discovers a breach to its active configuration

Contact us to get details of the PFR implementation.

PFR Implementation Block Diagram


Platform Firmware Resilience (PFR)Expand Image

Platform Firmware Resilience (PFR)

Learn how to implement PFR that meets the new NIST SP 800913 standard for in your server system using a Lattice Root of Trust FPGA solution.


Information Resources
Securing Enterprise Server Firmware: A New Approach
WP0016 1.0 10/25/2018 PDF 828.8 KB

Like most websites, we use cookies and similar technologies to enhance your user experience. We also allow third parties to place cookies on our website. By continuing to use this website you consent to the use of cookies as described in our Cookie Policy.
辽宁彩票35选7 北京pk拾赛车交流群 期货配资分仓合法吗 浙江11选5怎么玩最简单 姚记棋牌申请优惠政策 血流麻将规则怎么玩 快乐飞艇开 内蒙麻将网游 北京赛车开奖结果记录 网上如何赚钱 快乐十分奖金表格 3d开奖结果乐彩网 东京热在线无码高清 最新捕鱼游戏手机版 大众麻将游戏机 吉林快三手机计划 26选5有几种玩法