Xilinx Partners with Chip Startup on Runtime Security
As the focus on data center security shifts from software and hardware, chip implementations used in servers are expanding beyond security at system boot to vulnerable data “in-use” runtimes.
That’s the goal of a collaboration between FPGA specialist Xilinx Inc. and the fabless semiconductor startup Kameleon Security, which this week announced an industry-compliant “security processing unit.” The ProSPU is billed as among the first processors to comply with Open Compute Project (OCP) security standards released this week for servers, data centers and cloud computing platforms.
The OCP security spec adopts a root-of-trust (RoT) approach requiring that every device must verify its firmware at system boot, keeping it authentic during updates or when a security breach occurs.
The Israeli chip startup said Tuesday (Nov. 10) its collaboration with Xilinx extends that authentication approach to runtime security. The OCP-compliant cyber protection chip integrates Xilinx FPGAs with the secure processor to enforce system security from boot to runtime. The security processor applies RoT security at system boot, then “dynamically” secures computing platforms during runtime.
Launched last year, Kameleon said it is working with Xilinx to launch the ProSPU commercially next year. As a contributor to OCP security specification, the startup said it is also releasing source code used to verify the integrity of peripheral firmware and detect malicious changes.
Hardware-based security approaches continue to gain traction in the enterprise market as the cost of data center security breaches grows.
Kameleon and other chip makers assert that embedding security in hardware as an “isolated implementation” is a better way to establish root of trust that can be extended, according to the startup, all the way up the stack.
“Keeping firmware integrity is critically important, but security is not complete until the firmware itself is improved to minimize chances of vulnerabilities,” the OCP said this week in releasing its version 1.0 specs for achieving system root of trust.
AMD (NASDAQ: AMD) and Google launched a similar data center security initiative this past summer built around a “confidential VM” security framework. The confidential computing initiative uses encrypted virtualization to secure data “in use”.
The security platform is based on AMD’s latest Epyc processors incorporating hardware-based encryption in the chip makers’ latest “Zen 2” Core architecture.
AMD announced its intention last month to acquire Xilinx in all-stock transaction valued at $35 billion.
AMD is expected to announce another joint development agreement on confidential computing and AI later this week.
Related
George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).