In a February 2022 supply chain security report issued by the Department of Homeland Security, platform firmware was referred to as, “one of the stealthiest methods in which an attacker can compromise devices at scale.” The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running on the operating system. Consequently, this quiet method of intrusion is on the rise today, with cyber criminals focused on potentially taking control of a wide array of platforms.

AMI Tektagon™ XFR Platform Root of Trust (PRoT) Firmware Resilience on Arm-based Platforms

In order to secure platform firmware, the platform-agnostic AMI Tektagon XFR PRoT solution is a perfect fit. This solution leverages the Lattice™ Mach-NX Series, a low-power FPGA Hardware Root of Trust (HRoT) controller to detect, recover and protect against host firmware intrusions for total firmware resiliency. Additionally, for heightened system security, AMI Tektagon XFR delivers firmware attestation to peripheral devices as well as those on the motherboard. This complete PRoT solution is offered across all major platforms including Arm-based systems.

As cloud and on-premises data centers meet greater demands, it is crucial that there are more systems that can support the performance, scalability, and sustainability requirements with greater manageability. Meeting these demands are the Arm-based platforms, such as that provided in the Ampere Altra processor servers. Architected to meet the greatest functionality demands, these Arm-based platforms can provide all the necessary components to support a fully resilient PRoT solution, on the motherboard as well as peripheral devices.

What will be Revealed by AMI and Arm at the OCP Regional Summit?

At the Open Compute Project’s Regional Summit in Prague on April 19th and 20th, AMI and Arm will reveal AMI Tektagon XFR, deployed on a Broadcom PCIe Card connected to an Arm-based, Ampere Alta processor platform. The solution will show a secure system boot with device attestation using SPDM for active system management.

During the pre-boot phase, Tektagon XFR will initialize with the SPDM device to the Broadcom controller. Once the communication is established, the solution will verify the correct device manufacturer through a certificate exchange. Lastly, Tektagon XFR will run an attestation on signed measurements from the device, comparing it to known “good” values. With a successful attestation, the system will be released to boot. If attestation is unsuccessful, the system will be held at reset.

In addition to the demonstration, AMI and Arm will have a technical presentation about “Secure System Design on Arm using Platform Root of Trust (PRoT).” The session will be held at 9:30 am on April 20th.

Please Join AMI’s Booth Number A15 for the Demo Experience

Interested in viewing this live demo? Participants can find this and other demonstrations in the AMI booth (A15), at the OCP Regional Summit on April 19th and 20th. Stop by and engage with us for further discussions.

About AMI Tektagon XFR

AMI Tektagon XFR is a fully NIST 800-193 compliant integrated PRoT solution that is cost-effective, scalable, compatible, and easy to implement. The solution leverages a Lattice Mach-NX Series, a low-power FPGA controller to deliver pre-verified, PFR-compliant functionality, to a server’s motherboard and peripheral devices. Features of the Tektagon XFR solution include image validation, firmware attestation, and recovery, to deliver full firmware resiliency.