Protecting Against Permanent Denial of Service Attacks
As security protections advance, attacks are becoming increasingly sophisticated, including targeting the low-level platform firmware. Permanent Denial of Service attacks alter the platform firmware to potentially brick the server in a way that requires manual, server-by-server remediation. This could result in data center downtimes measured in days and weeks, potentially impacting millions of users. Data Center owners need the ability to ensure critical platform firmware is resilient against disruption.
Supporting Industry Guidelines
The National Institute of Standards and Technology (NIST) introduced the NIST 800-193 guidelines for building firmware resilient capable servers. The NIST 800-193 guidelines emphasize that a firmware resilient system begins with a platform root of trust, and Intel has been a key contributor into developing this space. Intel recognizes that our partners and customers are looking for solutions to meet the NIST guidelines for firmware resilient servers.
Introducing Intel® Platform Firmware Resilience
Intel® Platform Firmware Resilience (Intel® PFR) is an Intel FPGA-based solution, (Intel® MAX® 10 FPGA), that helps protect the various platform firmware components. Intel is contributing this capability as an available option on our 3rd-Gen Intel® Xeon® Processor Platforms for those looking for an integrated solution that may not otherwise be available from their platform vendor of choice.
Intel® PFR monitors and filters malicious traffic on the system buses. It also verifies the integrity of platform firmware images before any firmware code is executed. And most significantly, it can even restore corrupted firmware automatically from a protected known-good recovery image. Data center owners now have additional options to help protect against permanent denial of service firmware attacks with Intel® Platform Firmware Resilience.
Intel is committed to open sourcing our root of trust solution in order to provide transparency to our industry partners. Implementing the platform root of trust with the Intel® MAX® 10 FPGA provides both a very customizable and highly transparent solution. Intel has contributed Intel® PFR to the industry as another platform root of trust option for system builders. Intel is working with data center industry leaders to continue to improve Intel® PFR and to collaborate on future root of trusts solutions.