Enterprise infrastructure has seen an exponential shift from in-house data centers to a mix of private, public and hybrid clouds, resulting in an increased attack surface and need for secure remote management. Legacy management systems were ill-equipped to address the new environment. Board Management Controllers. or BMCs, remain a key point of vulnerability, being exploited by hackers attacking server infrastructure. Traditional management protocols such as IPMI are not optimized for security and are simply not up to the task. This is evident from specific CVEs being released against BMC software including OpenBMC (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openbmc).
Industry initiatives such as OpenBMC have attempted to standardize the management infrastructure. However, relying merely on open standards and transparency does not ensure security and trust. The need of the hour, therefore, is to put in place the technologies and processes to raise the bar on secure lifecycle management of servers. This involves taking a multi-layered, defense-in-depth approach, which begins with enabling trust at the BMC chip level and extending that into the management framework, while ensuring supply chain security across the server value chain.
Trust Starts at the Chip
Firmware TPM
SecEdge’s stack significantly reduces the attack surface by controlling and isolating the access to the BMC software. It takes a multi-layer approach, starting with a hardware root of trust rooted in the BMC hardware, and ensures supply chain security via late binding of credentials bound to the Root-of-Trust. It enables the following capabilities:
- Initial activation and change of ownership without requiring a physical TPM chip (but compliant with TPM 2.0 specifications).
- Onboarding and change of ownership management done during the “Stack-and-Rack” phase in the cloud/data center.
- Seamless integration with existing OpenBMC (or equivalent proprietary implementations) without requiring operators to change or modify their existing implementations.
Secure Communications
A unique feature of the solution is the ability to establish encrypted IPSec tunnels, separating the data and management channels for secure remote server management. The encrypted IPSec Tunnels initiated by the SecEdge stack are rooted in the Aspeed AST2600 TrustZone and SecEdge’s TEE. This isolates the communication channel from the rest of the system, significantlyreducing the available attack surface. Multiple encrypted tunnels can be established from the BMC board to multiple end points if needed.
Learn more about how Aspeed and SecEdge are transforming Data Center security HERE.