Securing Bare Metal Hardware at Scale

Explore the critical topic of securing bare metal hardware at scale in this 50-minute conference talk. Delve into the growing threats of firmware backdoors and BIOS/UEFI exploits that can bypass OS and hypervisor protections. Learn why traditional vendor firmware signatures and secure boot implementations are insufficient for true defense. Discover innovative approaches to detect and recover firmware, including mechanisms to force devices into a restorable state. Gain insights into the challenges of implementing these security measures at scale and the future of firmware security. Examine the contents of modern servers, signed firmware, hardware engineering, and custom hardware limitations. Investigate the roles of major tech companies and vendors in addressing these security concerns. Presented by Paul McMillan and Matt King, experienced professionals in cloud hardware security, this talk offers valuable knowledge for anyone interested in cutting-edge cybersecurity practices.

Intro
What are we talking about
Whats in a modern server
Signed firmware
Hardware engineering
Challenges
Custom Hardware
Limitations
Improvements
Vendors
Google Microsoft
Intel
marginal costs