Project Cerberus: Hardware Root of Trust for Cloud Security

Explore Project Cerberus, a hardware root of trust initiative, in this 35-minute Linux Foundation talk by Bryan Kelly from Microsoft. Dive into the cryptographic microcontroller's role in providing hardware-enforced secure boot with digital signature enforcement and measured boot. Learn about the cloud firmware threat vectors, guiding principles for firmware security, and the current state of industry servers. Discover the Cerberus ASIC, its dedicated security microprocessor, and how it interacts with platform components. Understand the scalable security architecture, platform attestation, and the Platform Firmware Manifest (PFM). Gain insights into Microsoft's approach to enhancing cloud server infrastructure security through innovative firmware solutions.

Intro
Open Compute Project
Project Olympus
Open Source Momentum...
More Open Building Blocks Followed
Open Hardware Security
The Cloud Firmware Threat Vectors
Firmware Attack Surface
Guiding Principles for Firmware Security
The Current State of Industry Servers
Introducing Project Cerberus A set of platform requirements
Project Cerberus Hardware Root-of-Trust
What is the Cerberus ASIC • Dedicated security microprocesso
Interpose Interface
Protection
Recovery
Platform Trust Hierarchy Scalable security architecture • Motherboard contains master
Platform Attestation • Single Platform Measurement
Cerberus - Security Controller
Cerberus - Platform Firmware Manifest (PEM)