The Open Compute Project Foundation (OCP) released version 1.0 of the Root of Trust (RoT) specification. According to these specifications, every OCP device must first have an RoT responsible for verifying the device firmware at boot time, keeping it authentic and secure during updates, and recovering it when corruption occurs.
OCP Security specifications
Yigal Edery, Vice President of Products at Kameleon Security, and Rajeev Sharma, Director of Software & Technologies at Open Compute Project, wrote a blog post on version 1.0 of the Root of Trust (RoT) specification. Furthermore, many member companies, including Kameleon Security, Nuvia, Rambus, and ASPEED Technology, have announced their plans to support the OCP security specifications.
Bill Carter, CTO for the Open Compute Project, said,
“Root of Trust is foundational to establishing a trusted platform. This specification and the future attestation and boot specifications from the OCP Security Project will result in best-in-class platform security. In the future, anyone deploying OCP Accepted products is assured they are deploying a secure & trusted system to run their business.”
OCP’s first set of specifications consists of secure boot, which covers the requirements for verifying firmware integrity during boot; peripheral attestation, which covers the requirements for giving every device a unique identity and for securely communicating device measurements from the AC RoT to the PA RoT; and threats scope, which explains the various threat vectors being defended against and helps map each of them to the relevant feature requirements in the specs.