AMI® CLEFS™ Cloud Environment for Firmware Signing
Private key management and firmware signing for UEFI and BMC firmware are seen as a growing potential vector of harm, both for manufacturers and their end users. Inappropriate key storage, where keys are kept together with the source code they protect, is increasingly a key contributor to this threat, since an attack on the protected code can compromise its key as well.
Fortunately, use of a dedicated signing server, called a Hardware Signing Module or HSM, can isolate and protect keys from such an attack. Placing an HSM in the cloud adds a further layer of security for vulnerable keys.