A Guide to Implementing HRoT with NIST PFR Guidelines
Data breaches are increasingly costly as the sophistication and funding (in some instances, state-sponsored) of hackers has increased. The Cost of a Data Breach Report 2021 by IBM states that “2021 had the highest average data breach cost in 17 years” rising from USD 3.86 million to USD 4.24 million.
While companies have taken steps in some areas to improve security, firmware is the next prime area for hackers. According to the March 2021 Security Signals (a report commissioned by Microsoft), “More than 80% of enterprises have experienced at least one firmware attack in the past two years.”
Firmware is emerging as a primary target for hackers because it is where sensitive information, including credentials and encryption keys, is stored in memory. If platform firmware is compromised, the entire platform is compromised.
With the largest technology companies seriously engaging and taking the next steps to implement a hardware root of trust (HRoT) solution, all original design manufacturers (ODMs) and original equipment manufacturers (OEMs) should be motivated and respond to the current situation.
Need for HRoT Protection
From the time that an OEM/ODM builds a server and it enters the supply chain, reaches the datacenter and then gets installed and becomes operational, there are numerous opportunities for disreputable actors to compromise the server.
While conventional thinking assumes that reimaging the system to its original state will wipe out any malware, some malware could survive a firmware update. However, HRoT solution will provide a foundational level of security since it establishes the authenticity of the firmware and validates that it has not been compromised before allowing a system to boot. If the firmware is compromised, it may be impossible to detect without specialized hardware. To address firmware integrity, the U.S. National Institute of Standards and Technology (NIST) added to its security guidelines.
NIST 800-193 Platform Firmware Resiliency (PFR) Guidelines
Released in May 2018, NIST Special Publication 800-193 Platform Firmware Resiliency (PFR) Guidelines were developed to help organizations prepare better against potentially destructive attacks to the collection of hardware and firmware components of a computer system. The security guidelines are based on the principles of protection, detection and recovery.
- Protection: Solution must ensure that Platform Firmware code and critical data remain in a state of integrity and are protected from corruption, such as the process for ensuring the authenticity and integrity of firmware updates.
- Detection: Mechanisms must be in place for detecting when Platform Firmware code and critical data have been corrupted or otherwise changed from an authorized state.
- Recovery: Finally, for recovery from a disruptive event, a system must have the capability to restore Platform Firmware code and critical data to a state of integrity when firmware code or critical data are detected to have been corrupted, or when forced to recover through an authorized mechanism. Recovery is limited to the ability to recover firmware code and critical data.
To be resilient, all three basic requirements for resilient firmware must be satisfied: the firmware must be protected from tampering, corrupted firmware must be detected, and compromised firmware must be restored.
Hardware Root of Trust from AMI
While NIST 800-193 describes what has to be done to detect, protect and recover firmware, it does not provide the “how to” portion. This is where over 35 years of firmware expertise of AMI comes into the picture. AMI PlatFire is a comprehensive HRoT solution, a robust PFR product that utilizes Lattice FPGA to provide an independent HRoT with maximum flexibility to not only detect and protect against firmware attacks, but also recover and re-provision platform firmware, minimizing data center downtime and loss of confidential data.
Designed to Detect, Protect and Recover Firmware
AMI PlatFire is designed to detect, protect and recover firmware from unauthorized modification. The solution can continuously monitor and block unauthorized SPI and SMBus transactions during runtime to ensure no malicious read/write commands are executed. If necessary, it can detect when the platform firmware code and critical data is compromised or corrupted. In the event platform firmware is corrupted, the solution can restore platform firmware and authenticate recovery image upon failure. Compatible with most silicon vendors, this NIST 800-193 compliant HRoT solution minimizes platform ecosystem or vendor lock-in and can provide up to 30% cost savings on a combined chip solution compared to competitive alternatives.
What does AMI PlatFire Protect?
Utilizing the Baseboard Management Controller (BMC) HRoT engine, AMI PlatFire validates BMC and BIOS firmware. It is also capable of monitoring and securing any firmware accessible by the BMC, including add-in cards, power supplies, NICs and Non-volatile DIMMS.
To easily and quickly implement AMI PlatFire, a best-known configuration (BKC) reference design is offered to OEM/ODMs.
Prioritizing Platform Firmware Security and Resiliency
Platform firmware protection is foundational security and security of a layer is only as good as the layer below it. So, trust must be established pre-boot and mechanisms must be there to protect, detect and restore platform firmware.
Timing is important and October is National Cybersecurity Awareness Month (NCSAM). Started in 2004 as an effort by the U.S. Department of Homeland Security, NCSAM is now an industrywide push that takes place in October to make organizations more aware of cyber threats. As part of your company’s response to October’s National Cybersecurity Awareness Month and to improve your company’s platform security, learn more about how AMI HRoT solutions can help you make your platform firmware more secure and resilient.
To learn more about AMI PlatFire, visit: ami.com/ami-hrot
To schedule a consultation, please visit: ami.com/contact