References
1. Garrett, M. Intel Boot Guard, Coreboot and user freedom,
2. Glass, S. Verified boot in Chrome OS and how to make it work for you. Embedded Linux Conference Europe,
3. Goodin, D. Supermicro hardware weaknesses let researchers backdoor an IBM cloud server. Ars Technica, 2019; https://arstechnica.com/information-
4. Hamilton, J. AWS Nitro System. Perspectives, 2019;
5. Hudson, T. Open Source Firmware Conference Security Keynote, 2018; https://trmm.net/
6. Intel. Intel Data Center Block with Firmware Resilience. Solution Brief, 2017; https://www.intel.com/
7. Intel. What is Intel Management Engine? Intel, 2017;
8. King, M., McMillan, P. Securing bare metal hardware at scale. BSides PDX, 2018; https://www.youtube.com/
9. Kumar, M. J. OCP initiatives and Intel implementations,
10. Lattice Semiconductor. Universal Platform Firmware Resiliency (PFR) – Servers, 2018; http://
11. Leroux, S. The truth about the Intel's hidden Minix OS and security concerns. It's FOSS, 2017; https://itsfoss.
12. Minnich, R. et al. Replace your exploit-ridden firmware with a Linux kernel, 2017; https://schd.ws/hosted_files/
13. OCP Server Workgroup. OCP NIC subgroup. Open Compute Project OCP NIC 3.0 Design Specification Version 0.85b, 2018; https://www.opencompute.org/
14. Newman, L. H. Hack brief: Intel fixes a critical bug that lingered for 7 dang years. Wired, 2017; https://
15. Open Compute Project. Project Cerberus. GitHub,
16. Pataky, D. Intel Management Engine. Technische Universität Dresden, 2017; https://files.bitkeks.eu/
17. Regenscheid, A. Platform firmware resiliency guidelines. NIST Special Publication 800-193, 2018;
18. Savagaonkar, U. et al. Titan in depth: Security in plaintext. Google Cloud, 2017; https://cloud.google.com/
Jessie Frazelle is an independent contractor. She has worked as an engineer at GitHub, Microsoft, Google, Docker, and several startups.
Copyright held by author/owner.
Publication rights licensed to ACM.
Vendors have been building features around the NIST guidelines for PFR. Intel [6] and Lattice Semiconductor [10] each have a version. The Open Compute Project (OCP) talk on Intel's firmware innovations [9] states that Intel is using PFR to deliver Microsoft's Cerberus attestation principles.
One challenge of open source firmware involves the threat model. Whether you have a root of trust, and how that root of trust operates, depends on the threat model. Let's dive in a bit with an example. If you are an enterprise with your own cloud, your threat model would prevent you from using any firmware that might contain vulnerabilities or backdoors that would threaten your business or customer data. In this case, you would ideally want an entirely open source root of trust, as well as open source firmware for each of the devices in your server or laptop, with reproducible builds to ensure integrity. This would give you the most visibility into the firmware that is running and the logic it is composed of.
Another challenge is writing the firmware for all the devices. There are a lot of device options for vendors to use in their systems, so supporting many of those will be difficult without the device vendors helping out. For example, consider that many different vendors manufacture DRAM
How to help. The goal of this article is to provide some insight into what is being built with open source firmware and why making firmware open source is so important. To help with this effort, please help spread the word. Try to use platforms that value open source firmware components. Chromebooks are a great example of this, as are Purism (https://puri.sm/) computers. Ask your providers what they are doing to further the cause of open source firmware or ensuring hardware security with roots of trust.
Acknowledgments. Huge thanks to the open source firmware community and a shout out to Ron Minnich, Trammel Hudson, Chris Koch, Rick Altherr, and Zaolin for helping me along this journey.