OCP Announces Version 1.0 of its Root of Trust (RoT) Specification

The Open Compute Project Foundation (OCP) has released version 1.0 of their Root of Trust (RoT) specification. This model is based on the concept that every OCP device must first have a RoT responsible for verifying the device firmware at boot time. It is meant to keep it authentic & secure during updates, and help recover it when a corruption occurs.

“Root of Trust is foundational to establishing a trusted OCP platform,” said Bill Carter, CTO for the Open Compute Project. “This specification and the future attestation and boot specifications from the OCP Security Project will result in best-in-class platform security. In the future, anyone deploying OCP Accepted products are assured they are deploying a secure & trusted system to run their business.”

The OCP Security project has defined two RoT components. The Platform Active RoT (PA RoT) is the ‘main’ root of trust for the platform. It is responsible for verifying the system firmware, and for verifying the integrity of the peripherals.

The other one is the Active Component RoT (AC RoT), which resides on every peripheral, verifies the integrity of that specific peripheral, and should report back, in a process called attestation, to the platform to prove its integrity. The process for doing that is called peripheral attestation.

OCP Security Project

 Bill Carter
“Root of Trust is foundational to establishing a trusted OCP platform,” said Bill Carter, CTO for the Open Compute Project.

Founded in 2011 by Facebook, Intel, and Rackspace, the Open Compute Foundation’s goal is to apply open source principles to hardware intended for use in data centers and telecommunication facilities. OCP members can publish their own hardware designs via Open Compute. Other participants are allowed to use these designs for building and marketing their own products, while they’re also allowed to develop these designs further. This way, the Open Compute Foundation plans to achieve faster innovation in the field of OCP-based IT hardware development.

“ASPEED Technology supports the efforts of the OCP Security project and would take the recommendations into our BMC and Security Products,” said Dwaka Partani, VP and General Manager at ASPEED Technology. “We’re looking forward to making security a top priority by providing products that meet or exceed the OCP Security requirements.”

“Kameleon has been an active contributor to the Open Compute Security project from day one, and we’re looking forward to raising the bar for data center security, and delivering security from the hardware up,” said Yigal Edery, VP Products of Kameleon. “This week, we’re also happy to announce our collaboration with Xilinx to deliver our ProSPU, a proactive Security Processing Unit that will be an OCP-compliant RoT, and expand that into run-time server protection.”