Securing Hardware and Firmware Supply Chains
by info.odysseyx@gmail.com, October 15, 2024

In modern cloud data centers, ensuring the reliability, integrity, and security of hardware and firmware is of utmost importance. Firmware is the lowest-level software that runs on every chip in a server, including the CPU, GPU, and storage controller. Firmware provides the programming interface on which higher-level software is built, so you can think of hardware as the ground and firmware as the foundation on which the rest of the stack rests.

Microsoft collaborates with industry partners through the Open Compute Project (OCP) to define open hardware and firmware specifications that benefit the entire industry. One recent example is Caliptra, which provides an open and transparent implementation of a root of trust for ASICs. The Caliptra root of trust not only provides a unique, unforgeable identity for each device, but also provides a way to verify the authenticity of all firmware running on the device. As industry partners begin delivering products that use Caliptra as their root of trust over the next year, customers will have confidence in the security and reliability of the hardware they deploy.

With the Caliptra effort well underway, Microsoft and the OCP security community have turned to improving the reliability of the firmware that underlies the software environment. The result of these efforts is the OCP Security Appraisal Framework and Enablement (SAFE) program, launched at the OCP Global Summit in October 2023. This framework ensures security compliance for cloud hardware and firmware. Simply put, SAFE's goal is to build a better foundation.

OCP SAFE

The OCP SAFE program defines a comprehensive framework for standardizing the security review of the code and hardware designs on which modern computers run.
The SAFE framework defines three scopes, each providing greater assurance while accounting for increasingly sophisticated adversaries. The third scope assumes a well-funded adversary with a sophisticated laboratory. The output of a SAFE review is a cryptographically signed Short Form Report (SFR), along with more secure firmware and hardware. The report, published on OCP's GitHub, is a JSON document that contains the hash of the reviewed firmware, a list of remaining security issues, and metadata identifying the vendor and the reviewer. The schema is designed to be easily understood and inspected by both people and programs. The SFR format lets organizations (cloud service providers, enterprises, or end users) encode their security policies in a simple program, for example "do not deploy firmware whose report lists unresolved issues of moderate severity or higher." This enables automated and consistent application of security policies at deployment, boot, and runtime.

Since the launch of SAFE in 2023, the community has grown. The SAFE Technical Advisory Committee (TAC) has approved five additional Security Review Providers (SRPs), bringing the total to eight. Before being approved as an SRP, a company must demonstrate security expertise, independence, and a commitment to improving security. All five newly added review providers joined at the request of existing customers, who were already actively working with these security companies to ensure the security of their products. The SAFE program gives these device vendors a way to publicly demonstrate the security work they have been doing for many years, establishing a common baseline of quality that can be accepted across the industry.
"As our industry transitions from 'one-time' security testing to a state of continuous security validation across the entire life cycle of a device, OCP SAFE's holistic and transparent approach ensures that device vendors use secure development and build processes and continually comply with regulations, and uniquely verifies compliance. By meeting your requirements and engaging experienced security reviewers and contributors like IOActive, we ensure that your physical devices, firmware, drivers, and software components meet or exceed OCP SAFE's latest cloud security standards, all the way down to source code."

Gunter Ollmann, IOActive CTO

Security assurance

Caliptra-enabled devices and SAFE-reviewed firmware each independently improve security, but together they increase the transparency and reliability of the system. This is achieved by having cryptographically verifiable measurements (hashes) for each firmware layer running on the connected system, with proofs created by an open-source (and SRP-reviewed) silicon root of trust. This combination allows end users to independently verify that the firmware in their computing environment has undergone rigorous security audits. The flow is described below.

Figure 1: Firmware configuration and security assurance verification flow

There are several ways to expose runtime attestations on Caliptra-enabled devices, but the simplest is to share measurements in SPDM queries or, for confidential computing, in Trusted Security Manager (TSM) reports. The query returns a list of hashes of the firmware loaded on the system. After obtaining the attestation report, the user can compare the hashes in the attestation report against the Reference Integrity Manifest (RIM) file provided by the device vendor. A RIM file contains measurements for a collection of firmware that the vendor has verified as genuine, suitable for the device, and compatible with the other firmware listed in the RIM file.
Once the attestation report is validated against the RIM file, users have confidence that their device is running only firmware developed by the device provider. The next step is to verify that the runtime measurements match those in the published SAFE Short Form Report. The authenticity of the report can be verified by checking its cryptographic signature. If the measurements match, the user knows that the running firmware has been reviewed by the author of that report. Users should review the remaining issues in the published report to determine whether it meets their security requirements. In addition to cryptographically binding the SFR to a specific firmware version, the SFR acts as a secondary signature on the firmware. This additional layer adds protection in case the vendor's code signing process is compromised.

Hardware supply chain provenance

The previous flow combined the measurement capabilities of SAFE and Caliptra to improve overall system security. Microsoft has developed another flow that leverages the cryptographic identity capabilities provided by Caliptra to ensure that only genuine hardware is delivered to Azure. This flow tracks the unique identity of every device throughout its entire lifecycle, starting with chip manufacturing and continuing through assembly, system integration, deployment, operations, and secure disposal in Azure. Azure manages hardware identities in a management system called the Hardware Key Management Service (HKMS). At each step of the manufacturing process, HKMS collects the public portion of the device identity generated within Caliptra. These identities take the form of IDEV and LDEV certificate signing requests (CSRs). By collecting the public portion of these cryptographic identities, HKMS can validate the Hardware Bill of Materials (HBOM) as well as verify device provenance and manufacturing history before signing the CSR and approving the device as eligible for Azure deployment.
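The verification flow described above under "Security assurance", together with the kind of simple policy program the SFR section mentions, as an added example that is not code from Microsoft, OCP or any SRP (Python, standard library only). The RIM and SFR field names, the reviewer key and the sample hashes are constructed, and a real SFR carries an asymmetric signature, for which HMAC-SHA256 stands in here.

```python
# Added example (not Microsoft's or OCP's code): the attestation -> RIM -> SFR -> policy
# flow, standard library only. RIM/SFR field names, the reviewer key and the sample
# hashes are constructed; HMAC-SHA256 stands in for the SFR's real asymmetric signature.
import hashlib
import hmac
import json

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def rim_matches(attestation: dict, rim: dict) -> bool:
    """Every measured layer must appear in the vendor RIM with the same digest,
    and the device must report every layer the RIM lists."""
    return attestation.keys() == rim.keys() and all(
        hmac.compare_digest(attestation[k], rim[k]) for k in rim)

def sign_sfr(sfr: dict, reviewer_key: bytes) -> tuple:
    """Stand-in for an SRP publishing a signed SFR: (canonical bytes, signature)."""
    raw = json.dumps(sfr, sort_keys=True).encode()
    return raw, hmac.new(reviewer_key, raw, hashlib.sha256).hexdigest()

def sfr_signature_ok(sfr_bytes: bytes, sig_hex: str, reviewer_key: bytes) -> bool:
    """Stand-in for checking the review provider's signature over the report."""
    expected = hmac.new(reviewer_key, sfr_bytes, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig_hex)

def policy_ok(sfr: dict, max_severity: str) -> bool:
    """The operator's 'simple program': no remaining issue above max_severity."""
    worst = max((SEVERITY[i["severity"]] for i in sfr["remaining_issues"]), default=0)
    return worst <= SEVERITY[max_severity]

def evaluate(attestation, rim, sfr_bytes, sig_hex, reviewer_key, max_severity="medium"):
    """Outcome of each step of the flow; deploy only when every value is True."""
    sfr = json.loads(sfr_bytes)
    out = {"rim": rim_matches(attestation, rim),
           "sfr_signature": sfr_signature_ok(sfr_bytes, sig_hex, reviewer_key)}
    # The SFR binds to one firmware hash; the measured layer must carry exactly it.
    out["sfr_binds_measurement"] = out["sfr_signature"] and hmac.compare_digest(
        attestation.get(sfr["component"], ""), sfr["firmware_hash"])
    out["policy"] = out["sfr_binds_measurement"] and policy_ok(sfr, max_severity)
    return out

# Constructed sample data: a BMC image hash, a vendor RIM and a signed SRP report.
BMC_HASH = hashlib.sha256(b"constructed-bmc-image-v1.2").hexdigest()
RIM = {"bmc": BMC_HASH, "bios": hashlib.sha256(b"constructed-bios-v7").hexdigest()}
REVIEWER_KEY = b"constructed-srp-key"
SFR_BYTES, SFR_SIG = sign_sfr({"vendor": "ExampleVendor", "reviewer": "ExampleSRP",
                               "component": "bmc", "firmware_hash": BMC_HASH,
                               "remaining_issues": [{"id": "ISSUE-1", "severity": "low"}]},
                              REVIEWER_KEY)
```

A device that reports the RIM's measurements passes every step; a tampered measurement fails both the RIM check and the SFR binding, and a report listing a high-severity open issue passes signature and binding but fails the operator's policy.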
The LDEV identity is then renewed or revoked throughout the operational life cycle of the device. More information about Caliptra identities can be found in the Caliptra specifications.

Figure 2: Hardware Key Management Service

The backing store of HKMS is Azure Confidential Ledger, which is built on the Azure confidential computing platform and the Confidential Consortium Framework (CCF). These technologies secure the backing store and provide non-repudiation and immutable auditability for HKMS-managed hardware identities.

Supply chain transparency

Recognizing the widespread need to improve supply chain security, Microsoft worked with industry partners to turn its experience developing supply chain assurance processes (including the Caliptra and OCP SAFE technologies described above) into a broader framework that could be widely adopted. The result of these continuing efforts is the Supply Chain Integrity, Transparency and Trust (SCITT) initiative at the Internet Engineering Task Force (IETF). This proposal describes a process for managing compliance and transparency of goods and services throughout the supply chain. SCITT supports continuous verification of services and devices, ensuring the authenticity of entities, evidence, policies, and artifacts, and ensuring that an entity's actions are authorized, non-repudiable, immutable, and auditable.

Figure 3: SCITT framework

The SCITT framework builds on technologies like Caliptra and OCP SAFE to track devices and firmware throughout the chain of custody, protecting virtually the entire supply chain. By using a transparent root of trust like Caliptra and integrating evidence such as the manufacturer's SBOM, the Reference Integrity Manifest (RIM), and OCP SAFE audit reports, you can verify device integrity throughout the hardware supply chain and operational lifecycle. This combination of transparent security technologies ensures that hardware and firmware are always authorized, non-repudiable, immutable, and auditable.
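Returning to the HKMS flow described above (chip identities collected at each manufacturing step, HBOM validated, CSR signed only afterwards), here is a provenance check in that spirit, as an added example that is not Microsoft's HKMS code. The stage names, record layout, HBOM format and the reduction of a chip's identity to a fingerprint of its IDEV public key are assumptions made for illustration.

```python
# Added example (not Microsoft's HKMS code): a provenance check in the spirit of the HKMS
# flow. Stage names, record layout and the HBOM format are constructed, and a chip's
# identity is reduced to a SHA-256 fingerprint of its IDEV public key.
import hashlib

# Manufacturing stages that must have reported the chip before a CSR is signed.
STAGES = ["chip_manufacturing", "assembly", "system_integration"]

def fingerprint(idev_pubkey: bytes) -> str:
    """The identity HKMS records for a chip: fingerprint of its IDEV public key."""
    return hashlib.sha256(idev_pubkey).hexdigest()

def approve_system(system_id: str, hbom: set, records: list) -> tuple:
    """records: (stage, system_id or None, chip_fingerprint) tuples reported to HKMS.
    Returns (approved, reason); approval means the system's LDEV CSR may be signed."""
    # 1. Every chip the HBOM claims must have been registered at chip manufacturing.
    for chip in sorted(hbom):
        if ("chip_manufacturing", None, chip) not in records:
            return False, f"chip {chip[:8]} has no chip manufacturing record"
    # 2. Each later stage must report exactly the HBOM's chips for this system.
    for stage in STAGES[1:]:
        seen = {chip for s, sysid, chip in records if s == stage and sysid == system_id}
        if not seen:
            return False, f"no {stage} record for {system_id}"
        if seen != hbom:
            return False, f"HBOM mismatch at {stage}: {sorted(seen ^ hbom)}"
    # 3. A chip identity bound to another system indicates a cloned or re-used part.
    elsewhere = {chip for s, sysid, chip in records if sysid not in (None, system_id)}
    if elsewhere & hbom:
        return False, "chip identity also reported for another system"
    return True, "provenance verified, LDEV CSR eligible for signing"

# Constructed sample: two chips assembled into one server and reported at every stage.
CPU = fingerprint(b"constructed-cpu-idev-pubkey")
NIC = fingerprint(b"constructed-nic-idev-pubkey")
HBOM = {CPU, NIC}
RECORDS = [("chip_manufacturing", None, CPU), ("chip_manufacturing", None, NIC),
           ("assembly", "srv-001", CPU), ("assembly", "srv-001", NIC),
           ("system_integration", "srv-001", CPU), ("system_integration", "srv-001", NIC)]
```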
The Confidential Consortium Framework (CCF) is used to provide the SCITT eNotary's immutable ledger. This, combined with a confidential signing service that signs only artifacts with valid claims on the ledger, lets you enforce non-repudiable, immutable, and auditable end-to-end supply chain claims.

Figure 4: Hardware Transparency Service

The SAFE framework combined with Caliptra-enabled devices significantly improves the security, transparency, and reliability of a system. By leveraging the SAFE framework's cryptographically signed Short Form Reports, organizations can automate and consistently enforce security policies at deployment, boot, and runtime. Based on the identity provided by Caliptra, the entire life cycle of a device can be better protected, from manufacturing through distribution to end of use. Microsoft is committed to providing robust, reliable solutions that meet our customers' changing needs while continuously innovating and improving our security measures.