Some of the top names in the hardware industry have joined forces to create common technologies to enhance security in the cloud.
Google, Nvidia, Microsoft, and AMD partnered to establish Caliptra, an open specification to embed security mechanisms inside chips. The spec, which is open source and free to license, was announced on Tuesday at the Open Compute Project Summit, being held in Santa Clara, Calif. The participating companies are members of the Open Compute Project (OCP), which will maintain the development of the specification along with the Linux Foundation.
The Caliptra project revolves around establishing a root of trust (RoT) — building security layers into silicon so data is encrypted and not exposed as it travels in data centers or the cloud.
“We need to embed that capability in silicon. At some point in the future, it’s not going to be enough to have it on the motherboard, for example in the server as a separate piece of circuitry,” said Cliff Grossner, vice president of market intelligence at OCP, during a press briefing.
Caliptra expands the security boundaries of data from the chip level to the cloud. The specification provides common language for chip makers and cloud providers to create technologies around confidential computing, which is gaining attention as a way to protect data while it is in storage, in transit, or being processed in the cloud.
“With the rise of edge computing, the resultant growth in the exposed attack surface also presents a need for stronger physical security solutions,” wrote Mark Russinovich, Microsoft CTO for Azure, in a Tuesday blog post about Caliptra.
Defining Open Source Confidential Computing
Vulnerabilities like Spectre and Meltdown showed hackers could steal data by attacking hardware. Intel and AMD, whose CPUs dominate the data center and cloud infrastructure, are adding proprietary features to lock down data at the chip level, but Caliptra is being pitched as a viable open source alternative.
The specification defines a reusable silicon block that can be dropped into chips and devices to establish an RoT. The silicon block provides verifiable cryptographic assurances that the chip security configuration is correct. It also provides a mechanism within the chip to ensure that the boot code can be trusted.
“This represents an enhancement over existing solutions today, and we expect that this will meet the enhanced security requirements for edge and confidential computing going forward,” OCP’s Grossner said.
The specification includes mechanisms to protect data from a range of electromagnetic, side-channel, and other common attacks. But Caliptra does not cover emerging attack vectors like quantum computers, which will provide the means to crack advanced encryption in just seconds.
The Caliptra specification also covers major aspects of attestation, which is more of a chip-level handshake to ensure that only authorized parties get access to data stored in hardware enclaves. The RoT blocks in a chip isolate the data, while providing an effective mechanism to verify the authenticity and integrity of code, firmware, and other security assets.
Securing the Enterprise Cloud
The first Caliptra spec, version 0.5, can be prototyped on field-programmable gate arrays before being implemented into final chip designs. The specification document points to the technology being geared for enterprise computing infrastructures rather than home or business PCs.
The tenets of Caliptra, which include authentication, detection, and recovery, tilt heavily toward establishing a silicon RoT for server and edge chips, which are built differently than PC chips.
Microsoft is using attestation based on Trusted Platform Module (TPM) chips as a security mechanism for Windows 10 and 11 operating systems. The company’s Pluton security chip, which has a TPM built in and can be used for attestation, has largely been rejected by the wider PC industry.
Microsoft and Google executives didn’t say whether or when they would make Caliptra a part of their cloud services. Microsoft last week expanded the use of AMD’s SNP-SEV technology for confidential computing in the cloud. Azure also offers virtual machine instances with Intel’s proprietary SGX security enclave.
Expanding the Open Compute Project
The Open Compute Project was established in 2011 by the likes of Google and Meta (then Facebook), which were buying thousands of servers and looking to standardize on hardware designs in their mega data centers. The goal was to reduce the server build times and cut costs by stripping off unnecessary components.
OCP has since grown into a powerhouse that counts all major infrastructure hardware providers as members — with the exception of Apple and Amazon, which rely on internally designed hardware.
OCP guidelines also include power, cooling, storage, and networking specifications that are now widely adopted. The OCP has also inspired nontech companies, largely in the financial sector, to experiment and develop standardized servers for on-premises data centers.
“We have the industry leaders coming together here within the OCP community, and we want to bring the standardized facility architecture for deployed servers,” Grossner said. “Server security will become scalable.”
Servers previously largely depended on CPUs, but now include different computing devices such as GPUs to handle applications like artificial intelligence. Standardizing the server security architecture was a top priority for company executives addressing media during the OCP call.
“This ecosystem we all play in — it starts with trust you have … in your computing. We were on a path to have a number of bifurcated solutions, and that’s just not good for anyone,” said Mark Papermaster, chief technology officer at AMD, during the call.