Data Center Platform - Microchip Technology

Case Study

microchip.com

Data Center Platform Firmware Resiliency

Each generational advance in areas such as network architecture, cloud infrastructure, smart product design, wireless evolution, smart city buildouts or autonomous vehicle operation represents millions of new opportunities for cost savings, efficiency gains and performance acceleration. Hyperscale data centers and new data storage structures are growing in tandem with the demand. Businesses, governments, utilities, consumers and a wide spectrum of public and private institutions all expect to leverage these advances right alongside the inventors of each new element of our increasingly-connected world.

Another group eagerly awaits each new incremental leap forward. Hackers.

Smart: Our cryptography-enabled CEC1712 MCU with Soteria-G2 custom firmware is designed to stop malicious malware such as rootkits and bootkits.

Connected: Our solution is a security enabler for servers, telecommunication equipment, and connected autonomous vehicle operating systems, ADAS and other systems that boot out of external SPI Flash.

Secure: Our Soteria-G2 custom firmware provides secure boot with hardware root of trust protection for operating systems booting from external SPI flash memory.


Some would say that the first hackers were teenagers who gained access to telephone switchboards during the early 1900s and rerouted customer calls as a prank. To be a hacker in the 1960s meant that you were probably a mainframe computer programmer who devised new code to push computing operations beyond their intended performance thresholds. It wasn’t an evil designation. It meant that you had advanced the practice of mainframe manipulation and gained the respect of your peers. The next evolutionary target was telecom carriers. Talented technologists would study the devices that connected to the network and mimic the tones used to route long-distance calls to treat themselves to free long-distance service. These phreakers (a mash-up term describing their phone network understanding and freakish intentions) created a gray market for black boxes that could perform this cost-saving workaround. By the time the telephone networks migrated to software-based control systems, hackers had moved on to more interesting targets like the emerging population of PCs and computer networks. And at some point, they crossed the line from somewhat-harmless experimenters to disruptors of a criminal nature.

A connected future offers a variety of hardware, software and service disconnects that security-oriented vendors and manufacturers will need to address. Vulnerabilities that could not be imagined a generation ago magnetically attract the attention of those with good intentions as well as those with bad.

In the not-so-distant past, a common prescription to combat the potential for nefarious misuse of popular USB memory drives within government agencies and corporate settings was to use glue or silicone to fill each USB computer port on enterprise computers and laptops. Today, that approach seems as medieval as pulling a row of teeth to combat a toothache.

The gravitational attractiveness of advanced technologies seems to be much stronger than the fear of data subversion or compromised information. Until it happens.

While advertising by wireless network operators would have you believe that 5G is here today and IoT-enabled devices are ready for the mass market, reality is on a more evolutionary trajectory. Data center architects and storage system designers are building tomorrow’s infrastructure solutions at the same time hackers are testing their vulnerabilities. In an interesting twist, the hacking community may be sensing the arrival of nationwide 5G access and billions of Internet of Things (IoT) nodes as a return to telecom-oriented networks for backdoor access to valuable data and entry points for chaos. The sheer volume of devices and systems available for software- and hardware-based mayhem will be unprecedented. Newly-designed bots and scripts will need to be accounted for, as hacker business models will be aimed at emerging ports of entry for their malicious code.

...storage system designers are building tomorrow’s infrastructure solutions at the same time hackers are testing their vulnerabilities...

Security is at the Heart of Microchip’s Product Portfolio

It’s not just hardware and computer systems that are subject to attack by hackers. Unprotected components in a system are susceptible as well. The landscape for security is loaded with market-specific requirements, and market drivers are constantly changing. When companies are publicly called out for security breaches, they are likely to experience a significant loss of industry credibility and may even experience severe revenue and stock price declines. Unfortunately, no set of standard security guidelines for platform firmware resiliency has been practiced across the board. A dizzying array of considerations must be taken into account in any security approach to ensure alignment with standards, industry mandates, functionality, costs, customer’s customer demands, safety, performance and network paradigms.

In embedded designs, security measures interface with many layers of on-device storage, communication hardware and protocols, node and gateway implementations, device management systems, cloud computing and more. Security needs to be a consideration at the inception of each embedded design and Microchip has a long history of delivering solutions that directly protect products and, ultimately, protect intellectual property, corporate brands, reputations and revenue.

Microchip customers can confidently create embedded security solutions that protect their products with the industry’s most comprehensive security portfolio and world-class Security Partner Program. With cutting-edge approaches to security, as well as immediate responses to industry-wide attacks, Microchip offers the flexibility to create custom solutions to fit the individual needs of each design. From authentication devices and trusted platform modules, to crypto-enabled microcontrollers and microprocessors, software libraries and enhanced protocols, the Microchip approach to security is central to everything we do.

The Challenge

...external SPI Flash memory has been an increasing focus area for many OEMs...

A global provider of high-performance server technology was interested in upgrading their battle plan for hardware and OS-based security. Growing awareness of rootkit and bootkit vulnerabilities in systems that boot from external SPI Flash memory has become a focus area for many OEMs.

Rootkit malware is designed to be unnoticeable to the user, even while it is active. Cybercriminals gain the ability to remotely control computer systems via rootkits and can use them to subvert security programs while stealing personal data, passwords, bank details and credit card information. A bootkit is poisonous code which affects the master boot record of a computer motherboard, enabling malicious programs to execute just before the operating system loads.

Microchip’s new cryptographic MCU, custom firmware and provisioning service are purpose built to enable platforms to detect and stop malicious firmware prior to run time. Our customer was particularly interested in a multi-pronged strategy to address:

• Fast response times to correct security breaches
• Understanding security threats and mitigation
• Migrating from a secure device strategy to a secure platform strategy
• Aligning with evolving security organizations and standards
• Adopting security expertise and resources
• Understanding the impacts on legacy devices and platforms

Solution

After meeting with the customer to better understand their requirements and advising them on the project’s dynamics, the Microchip team was able to recommend a solution with the cryptography-enabled CEC1712 MCU with Soteria-G2 custom firmware as its centerpiece. The project commenced in 2019.

Microchip’s Soteria-G2 custom firmware on its full-featured CEC1712 Arm® Cortex®-M4-based microcontroller provides secure boot with hardware root of trust protection in a pre-boot mode for those operating systems booting from external SPI Flash memory. In addition, the CEC1712 provides key revocation and code rollback protection during operating life, enabling in-field security updates. Complying with NIST 800-193 guidelines, the CEC1712 protects, detects and recovers from corruption for total system platform firmware resiliency. The secure boot with hardware root of trust is critical in protecting the system against threats before they can load into the system and only allows the system to boot using software trusted by the manufacturer.

The Soteria-G2 firmware is designed to be used in conjunction with the CEC1712 to allow designers to speed adoption and implementation of a secure boot, by simplifying the code development and reducing risk. Soteria-G2 uses the CEC1712 immutable secure bootloader, implemented in Read-Only Memory (ROM), as the system root of trust.

The CEC1712 secure bootloader loads, decrypts and authenticates the firmware to run on the CEC1712 from the external SPI Flash. The validated CEC1712 code subsequently authenticates the firmware stored in SPI Flash for the first application processor. Up to two application processors are supported, with two Flash components supported for each. Pre-provisioning of customer-specific data is offered as an option. Pre-provisioning is a secure manufacturing solution to help prevent over-building and counterfeiting. In addition to saving up to several months of development time, the solution significantly simplifies provisioning logistics, making it easy for customers to secure and manage devices without the overhead cost of third-party provisioning services or certificate authorities.

Platform firmware resiliency is more than a point solution, however. According to industry guidelines, all potential firmware security breaches need to be protected against, and all devices and subsystems within the platform need to attest to their identity and state of security. This means that ideally there needs to be a system aggregator for platform attestation. Microchip’s combination of CEC1712 and Soteria software scales to meet the needs of various attestation use cases within the platform.

Microchip was able to show a unified solution for allied components and controllers:

Switchtec PCIe Switches: Our broad portfolio of high-reliability PCI Express® (PCIe) switches offers the industry’s highest-density and lowest-power solutions for data center, storage, communications, defense, industrial and a wide range of other applications. In addition to our fanout, programmable and advanced fabric PCIe switches, our industry-leading PCIe solutions also include NVMe™ controllers, NVRAM drives, redrivers and timing solutions, as well as Flash-based FPGAs and SoCs.

Flashtec® NVMe Drive Controllers: The Flashtec NVMe Controller family enables the world’s leading enterprises and data centers to realize the highest performance SSDs utilizing next-generation NAND technologies. Combining world-class capacity and flexibility, the Flashtec Controller family is the reliable choice. The NVMe controllers support the standard NVMe host interface and are optimized for maximum high-performance random read/write operations, performing all Flash management operations on-chip and consuming negligible host processing and memory resources.

Adaptec® Storage/RAID Controllers and Adapters: Adaptec SmartRAID adapters are full-featured, high-performance enterprise RAID adapters built for a variety of storage requirements. They have the industry’s lowest power consumption and provide maximum read/write bandwidth and Input/Output Operations Per Second (IOPS) when coupled with 12 Gbps SSDs. Unique features available on some adapters include integrated Zero-Maintenance Cache Protection (ZMCP); maxCache, an SSD caching solution; and maxCrypto controller-based encryption for any block-based storage device. Adaptec SmartHBA Host Bus adapters are the ideal connectivity solution for server-based storage systems that require maximum bandwidth and I/O connectivity, low-power consumption and high reliability.

PolarFire® FPGA Family: Award-winning PolarFire FPGAs deliver the industry’s lowest power at mid-range densities with exceptional security and reliability. The product family spans from 100K Logic Elements (LEs) to 500K LEs, features 12.7G transceivers and offers up to 50% lower power than competing mid-range FPGAs. The devices are ideal for a wide range of applications within wireline access networks and cellular infrastructure, defense and commercial aviation markets, as well as industrial automation and IoT markets.

Microchip’s solution included a superior bundle of products in combination with CEC1702 (DM990013) development boards, schematic reviews, education on security risk and mitigation, Soteria firmware, provisioning expertise and our MPLAB® X Integrated Development Environment (IDE). MPLAB X IDE is an expandable, highly configurable software program that incorporates powerful tools to help customers discover, configure, develop, debug and qualify embedded designs for most of Microchip’s microcontrollers and digital signal controllers. MPLAB X IDE works seamlessly with the MPLAB development ecosystem of software and tools.

In addition to preventing malicious malware during pre-boot in 5G and data center operating systems, Microchip’s CEC1712 and Soteria-G2 combination is a security enabler for connected autonomous vehicle operating systems, automotive Advanced Driver Assisted Systems (ADAS) and other systems that boot out of external SPI Flash.

The Result

Our data center customer’s end users are now less likely to have their corporate, personal, financial, or medical data systems breached by hackers, avoiding the mitigation nightmare that accompanies a compromising event.

Defending against rootkits with secure boot is a powerful approach, and the adoption of the CEC1712 and Soteria-G2 firmware was an ideal strategy to protect against threats before they can be loaded. The combination of hardware root-of-trust practices, secure boot capabilities and Soteria firmware can easily be added to legacy systems, enabling them to scale from a point solution to a platform level security solution.

All potential firmware security breaches need to be protected against, and all devices and subsystems within the platform need to attest to their identity and state of security.

The Microchip name and logo, the Microchip logo, Adaptec, Flashtec, MPLAB and PolarFire are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. Arm and Cortex are registered trademarks of Arm Limited (or its subsidiaries) in the EU and other countries. All other trademarks mentioned herein are property of their respective companies. © 2021, Microchip Technology Incorporated. All Rights Reserved. 3/21 DS00003888A

Microchip Technology Inc. | 2355 W. Chandler Blvd. | Chandler AZ, 85224-6199 | microchip.com