Microsoft is designing a hardware chip that will secure server firmware, and it wants an open source community to help it. The chip will defend firmware from ‘malicious insiders,’ hackers that exploit bugs in the infrastructure stack, compromised binaries, and even attempts to break in when hardware is being manufactured, assembled, or shipped.
To design it, the company is hoping to use the same process it used to design its latest cloud server hardware – by open sourcing the project in its beginning stages and using a communal effort of internal and external contributors.
Microsoft broke new ground when it went the open source route with Project Olympus in October 2016, launching an open source project to develop a server platform.
Previous open source data centre hardware efforts consisted of companies like Facebook and Microsoft open sourcing complete custom hardware specs, not actually having hardware designed the way a lot of open source software gets created.
The company launched Project Olympus by open sourcing a server design that was about half-way finished. The company has announced that it has now been completed, and servers built to the design have been running in Azure data centres, supporting the Microsoft cloud’s fastest VMs yet: the Fv2 Virtual Machine family, powered by Intel Xeon scalable processors and meant for resource-heavy, large scale workloads, such as financial modeling, scientific analysis, genomics, and deep learning.
Both Olympus and Cerberus are part of the Open Compute Project, the data centre infrastructure design community Facebook launched in 2011.
Similar to Google’s Titan, a proprietary chip the Alphabet subsidiary designed to secure its servers, Cerberus will be a ‘hardware root of trust specifically designed to provide robust security for all platform firmware.’ That includes firmware on the motherboard, such as BIOS and BMC, and peripheral I/O device firmware. The initial draft Microsoft released today covers motherboard firmware.
The project’s scope extends beyond the data centre. Because the spec is CPU and I/O architecture agnostic, it can secure firmware on everything from servers to IoT devices.