Microsoft has unveiled a new cryptographic microcontroller today as part of its Project Olympus cloud hardware initiative. The unit was created as an open-sourced industry standard for platform security, developed in conjunction with the Open Compute Project community.
Dubbed Project Cerberus, the NIST 800-193 compliant microcontroller "intercepts accesses from the host to flash over the SPI bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates," Azure Hardware Infrastructure GM Kushagra Vaid said in a post on Microsoft's Azure cloud blog.
This protects cloud server firmware by eliminating the threat of:
- Malicious insiders with administrative privilege or access to hardware
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor
- Supply chain attacks (manufacturing, assembly, in-transit)
- Compromised firmware binaries
Vaid said that Microsoft is working with Intel on the best model implementations. The company has released an initial draft of the Project Cerberus specs to the OCP community, encompassing motherboard firmware (UEFI BIOS, BMC, Option ROMs). The company hopes that, through community effort, the design can be expanded to cover all peripheral input/output components such as HDD, SSD, NIC, FPGA, and GPU.
Microsoft spends about $1 billion a year on cybersecurity, Vaid said. The goal is to make Azure as safe and trusted as possible, and Project Cerberus is the next step in the process with OCP, which Microsoft joined in 2014.