Microsoft is extending its Open Compute Project (OCP) contributions with a new security-focused component.
Microsoft's "Project Cerberus" is a cryptographic microcontroller that is designed to intercept accesses from the host to flash over the SPI bus, where the firmware is stored. It's meant to project against unauthorized access and malicious updates, said Microsoft officials in a November 8 blog post.
Cerberus will be able to defend platform firmware from insiders with administrative privilege or access to hardware; hackers and malware exploiting bugs in the OS, app, or hypervisor; supply-chain attacks; and compromised firmware binaries, officials said.
Project Cerberus enables pre-boot, boot-time and runtime integrity for all the firmware components in the system, Microsoft execs said. The specification for Cerberus is CPU and I/O architecture agnostic, so it can be implemented in different ways on a variety of platform types, starting with datacenter servers, and ultimately also on IoT devices.
Microsoft officials called Cerberus the next phase of Project Olympus. They noted that Microsoft spends a billion dollars a year on cybersecurity, with much of that going toward securing Azure. The company is taking some of its work around datacenter security, data privacy and encryption, threat detection, and other related work and applying it to its OCP efforts.
Microsoft joined the Open Compute Project (OCP) in 2014, and is a founding member of and contributor to the organization's Switch Abstraction Interface (SAI) project.The OCP publishes open hardware designs intended to be used to build datacenters relatively cheaply. The OCP has already released specifications for motherboards, chipsets, cabling, and common sockets, connectors, and open networking and switches.