BIOS & BMC Firmware and More


Industry-leading firmware products born from AMI technology and innovation

Aptio V UEFI BIOS Firmware

POWER

Next Generation UEFI BIOS Firmware

Full support for the latest UEFI specifications and the security, fast boot and touch support that today's platforms require.

MegaRAC BMC Firmware

MANAGE

Complete, Scalable Management Tools

Remote/resource management that is hyper-scalable, based on industry standards like IPMI, Redfish™ and Intel® Rack Scale Design.

Security Services and Solutions

SECURE

Security Services and Solutions

Security advisories, mitigation, deloyment of patches and signing services...

Press Releases

AMI Introduces New AMI TruE Platform Security Solution for Establishing a Trusted Cloud Execution Environment in the Enterprise and Data Center

December 1, 2020:

DULUTH, GEORGIA - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to introduce its new AMI TruE™ Platform Security Solution for establishing a trusted environment for cloud execution in the enterprise and data center.

As platforms operating in data center and enterprise environments become more complex and more of their onboard components require their own firmware, the need to verify and secure platform firmware has never been more important. Now, with security issues becoming more widespread at the firmware level, organizations must be able to ensure the integrity of their platform firmware from installation and bootup. To meet these growing needs, the new AMI TruE Platform Security Solution from AMI delivers holistic data center security solutions using Intel® Security Technologies and Intel® Security Libraries for Data Centers to provide a true trusted environment for cloud execution.

Platform Integrity Requires All Firmware on the Platform to be Trusted

To know with certainty that sensitive workloads running in the data center are only executing on trusted nodes, a fundamental level of trust must be established for every platform in operation. By extension, ensuring this fundamental level of trust requires that the integrity of all the firmware and software on the platform must also be verified.

AMI TruE helps data centers secure platforms throughout the entire platform life cycle by providing end-to-end firmware security and verification across the data center and integrating with other data center management and orchestration tools to provide a holistic view of platform firmware security for all servers in use. Supply chain attacks can be easily avoided by attesting the shipped firmware and software hash information of new platforms with an attestation server upon installation into an existing trusted environment. After deployment, server trust validation continues to attest the integrity of the firmware and software running across the enterprise.

All Software and Firmware on the Platform Must be Attested as Coming from a Trusted Source

To attest all firmware and software on a given platform, the AMI TruE Platform Security Server communicates with a Trust Agent that runs on the platform's operating system. The Trust Agent collects firmware and software hash information stored in the platform's Trusted Platform Module (TPM). The AMI TruE Platform Security Server compares the hash information from the platform's TPM with a list of known good hash values to determine the trust level and whether the platform can be trusted.

As an additional security layer, an attestation server - available from AMI as part of AMI TruE or through other third-party solutions - is installed and managed in the data center and retains all the various hash information collected across the data center, tracking the trust level of each. When a platform is verified to be untrusted, it can then be scheduled for automatic firmware updates based upon the data center’s policy.

For higher-level automation, visibility and workload balancing, AMI TruE can also be configured with a management server such as the AMI TruE Management Server featured as part of the AMI TruE solution or integrated with cloud orchestration software such as Kubernetes®. Doing so enables the management server to manage the attestation server and cloud orchestration and provide an aggregate overview of the platform trust status of all the servers in the environment by consuming AMI TruE APIs.

Sanjoy Maity, Chief Executive Officer of AMI, commented that "The main barrier to cloud adoption by more enterprises is security in the cloud – whether it is from data leakage, data privacy, confidentiality concerns, legal and regulatory compliance or data sovereignty. Our new AMI TruE Platform Security Server helps to break this barrier by ensuring that workloads with sensitive information only run on trusted nodes. Like many of our AMI security products, AMI True is a firmware security solution that can protect the platform down to the most critical and essential level. This kind of protection is of vital importance now more than ever; since high-level software is becoming increasingly secure, more attacks are now focusing on lower-level platform firmware, aiming to compromise the platform and potentially disrupt the critical infrastructure on which we all depend."

For more information about AMI TruE Platform Security Solution, please contact AMI via https://ami.com/en/contact-us/ or call 1-800-828-9264 to speak with an AMI Security Solutions expert.

NIST® is a registered trademark of the U.S. Department of Commerce's National Institute of Standards and Technology. Intel® is a registered trademark of Intel Corporation or its subsidiaries. Kubernertes® is a registered trademark of the Linux Foundation in the United States and other countries and is used pursuant to a license from the Linux Foundation. All other trademarks and registered trademarks are the property of their respective owners.

AMI and Lattice Semiconductor Announce Joint Platform Firmware Resiliency Security Solution: AMI PlatFire Firmware with Lattice Sentry Solutions ...

November 19, 2020:

DULUTH, GEORGIA / HILLSBORO, OREGON - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, and Lattice Semiconductor, the low power programmable leader, are pleased to announce a new jointly-developed platform firmware security solution, AMI PlatFire™ Firmware with the Lattice Sentry™ solutions stack. The solution enables developers to quickly and easily implement system-level cyber resiliency that is pre-validated as compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193), making it easy for developers with limited hardware security expertise or limited time-to-market to implement PFR on the latest industry-standard server platforms.

The solution combines technology from two of the leading names in PFR - AMI and Lattice Semiconductor - to bring the industry an integrated, fully-featured, pre-verified and secure Platform Root-of-Trust (PRoT) solution that is flexible, scalable, low cost, and easy to implement. The solution uses the Lattice Sentry stack, featuring a low-power Lattice MachXO3D™ secure control FPGA running pre-verified, PFR-compliant IP, to implement a PRoT on a server's motherboard. The AMI PlatFire firmware then orchestrates the connection between the PRoT and other on-board components, such as SoCs and RoCs, to confirm the firmware they are running is valid.

"We're excited by the growing interest from customers across markets in implementing PFR to protect their systems. Pairing our Sentry solutions stack with AMI's new PlatFire firmware provides a comprehensive, system-level PFR solution that helps developers quickly and easily protect their system firmware, making PFR support possible for a larger potential customer base," said Esam Elashmawi, Chief Strategy and Marketing Officer, Lattice Semiconductor.

Sanjoy Maity, Chief Executive Officer of AMI, added that "Our AMI PlatFire PRoT firmware provides customers an affordable, flexible and comprehensive alternative to existing competitor solutions. By partnering with Lattice Semiconductor to deliver AMI PlatFire on a secure Lattice MachXO3D FPGA with the Lattice Sentry Security stack and a full suite of design and development tools, together we can offer complete system security that is fully compliant with NIST PFR Guidelines and is host CPU vendor agnostic - so customers don't have to feel locked into a particular ecosystem or platform to have a secured system."

Firmware Security Trends are Changing Faster than Ever

Firmware is an increasingly popular attack vector; the National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent1. The NIST PFR guidelines were written to help developers understand how to protect legitimate firmware, detect unauthorized firmware, and restore compromised firmware to a known good state by establishing a PRoT. PRoT solutions validate platform firmware at boot to ensure it has not been modified illegitimately. Currently, developers with PFR design expertise are in limited supply, and OEMs requiring support for PFR often have strict time-to-market requirements that preclude developing a PFR solution from scratch. Recognizing these trends, AMI and Lattice worked together to deliver a tightly integrated, pre-validated PFR solution. It provides a robust PRoT, for real-time I2C bus and SPI monitoring of both BIOS and BMC SPIs, so from the moment a system boots all transactions over the SPI bus are monitored.

What is AMI PlatFire?

AMI has applied its 35 years of deep expertise in BIOS and BMC firmware development to deliver a robust PFR solution designed to detect, protect and recover firmware from unauthorized modification. As implemented in the AMI-Lattice joint solution, the PlatFire firmware executing on the Lattice MachXO3D with the Lattice Sentry solution stack orchestrates the connection between the solution's PRoT and all other ICs on the motherboard. Moreover, AMI PlatFire firmware is host CPU-agnostic, to give system developers greater flexibility in supporting the CPU requirements of their chosen server platform.

Thanks to its seamless integration with Aptio® UEFI Firmware and MegaRAC® SPX BMC Firmware from AMI, AMI PlatFire delivers a truly turnkey PFR solution - making use of the Lattice MachXO3D IP blocks to support detection and recovery of platform firmware, together with runtime monitoring of SPI flash memory used to store the platform firmware.

What is Lattice Sentry?

The Lattice Sentry solutions stack delivers a robust combination of customizable embedded software, reference designs based on the Lattice MachXO3D secure control FPGA, IP, and development tools to accelerate the implementation of secure systems compliant with PFR guidelines. As the system controller, the MachXO3D is the first component to execute code and attest power sequencing logic at system startup, making it an ideal platform for establishing a PRoT. Thanks to the MachXO3D FPGA's parallel processing architecture and flash memory, the device monitors for and detects attacks in real time - a truly groundbreaking innovation as real time monitoring is currently beyond the processing capabilities of competing PRoT solutions like MCUs.

For more information on the joint AMI PlatFire™ PRoT Firmware on Lattice Sentry solutions stack, please call 1-800-828-9264 to speak with an AMI Security Solutions expert or contact us via https://ami.com/en/contact-us/.

For more information about Lattice Sentry, please visit https://www.latticesemi.com/latticesentry.

About Lattice Semiconductor
Lattice Semiconductor (NASDAQ: LSCC) is the low power programmable leader. We solve customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive, and consumer markets. Our technology, long-standing relationships, and commitment to world-class support lets our customers quickly and easily unleash their innovation to create a smart, secure and connected world.

1Source: National Vulnerability Database (2016 and 2019)

MachXO3D™ is a trademark of Lattice Semiconductor Corporation. All other trademarks and registered trademarks are the property of their respective owners.

AMI Named as a Collaborator in NIST National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity Project

November 18, 2020:

DULUTH, GEORGIA - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to be named as a collaborator in the new NIST® National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity Project.

AMI joins an impressive roster of technology providers and industry experts to collaborate on the project - including AT&T, CableLabs, Cisco, Dell Inc., Intel, Keysight, MiTAC, Nokia, Palo Alto Networks and T-Mobile - as they work together with the NCCoE 5G team to identify several 5G use case scenarios and demonstrate how the components of the 5G architecture can provide security capabilities to mitigate identified risks and meet industry sectors' compliance requirements.

Through a Cooperative Research and Development Agreement with NIST, these organizations will form a consortium in which they will each contribute their expertise and hardware or software to help refine a reference design and build example standards-based solutions. This project will result in a publicly available NIST Cybersecurity Practice Guide in the Special Publication 1800 series, a detailed guide describing the practical steps needed to implement a cybersecurity reference design.

Sanjoy Maity, Chief Executive Officer of AMI, expressed his pleasure at the news by saying, "We are delighted to be a participant in the NCCoE 5G Cybersecurity project. This announcement once again highlights our deep commitment to security across all sectors of the compute, cloud and connected devices ecosystems. AMI looks forward to working together with the NIST team and this stellar group of industry leaders over the coming months to deliver the forthcoming NIST Cybersecurity Practice Guide, which will help build a solid foundation of security best practices for the dawning era of 5G communications and give actionable, practical guidance and solutions to the industry as they design the next generation of networks and transform our world."

For more information about the NIST NCCoE 5G Cybersecurity project, please visit the 5G project page at https://www.nccoe.nist.gov/projects/building-blocks/5g-cybersecurity. To receive news and information about the progress of the project, please join the 5G Community of Interest by emailing 5g-security@nist.gov.

For more information on AMI Security Solutions, please contact AMI via https://ami.com/en/contact-us/ or call 1-800-828-9264 to speak with an AMI Security Solutions expert.

About the NIST National Cybersecurity Center of Excellence
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses' most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under Cooperative Research and Development Agreements (CRADAs), the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to recreate the example solution.

NIST® is a registered trademark of the U.S. Department of Commerce's National Institute of Standards and Technology. All other trademarks and registered trademarks are the property of their owners in the US and other countries.

AMI Announces Support for Intel Memory Failure Prediction Capabilities in Aptio V UEFI Firmware and MegaRAC BMC Firmware

November 16, 2020:

DULUTH, GEORGIA - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to announce support for Intel Memory Failure Prediction (Intel MFP) capabilities in its Aptio® V UEFI Firmware and MegaRAC® BMC Firmware.

Intel MFP, optimized for Intel Xeon Scalable platforms, is specifically designed to improve customers' datacenter uptime and total cost of operation (TCO) by predicting DDR4 memory failures. For Aptio V UEFI Firmware, the Intel MFP solution comes in the form of the IntelMfpSupport eModule and includes OEM IPMI command additions. For MegaRAC BMC Firmware this support is available as an Option Pack, which includes code to process the memory errors complemented by the DIMM Health Assessment Model (DHAM) from Intel, along with periodic module updates.

As part of this initiative, AMI is authorized to provide the same world-class technical support for the Aptio V eModule and the MegaRAC Option Pack that is represented by all AMI products. Moreover, both AMI and Intel will continue to offer information and training for customers considering integration of these value-added firmware solutions.

The Benefits of Intel MFP

DIMM failures are one of the most common causes of server downtime, notorious for severely impacting system reliability, availability and serviceability (RAS). These failures can be caused by a wide range of sources beyond normal use, such as manufacturing defects or extreme environmental or operating conditions. While currently accepted techniques such as Error Correcting Code (ECC) and correctable errors threshold-based Predictive Failure Analysis (PFA) help overcome some correctable errors with DIMM, they have cost, reliability, coverage and performance implications - and cannot help to overcome uncorrectable errors.

As a more complete solution, Intel MFP features several innovative and original capabilities. It predicts micro-level failures in rows, columns and cells based on historical data, using a low-overhead online learning method to improve its prediction accuracy and avoid interfering with critical compute tasks. This also enables Intel MFP to generate an estimated memory health score for proactive memory failure management.

For datacenters and cloud service providers, the benefits of adding Intel MFP support in Aptio V UEFI Firmware and MegaRAC BMC Firmware are clear and immediate. Datacenter service level agreements (SLA) are improved, DIMM failure rates are reduced through proactive memory health evaluation and enhanced memory page offlining policies, and most importantly, higher DIMM performance and reliability optimizes workload and VM migration decision-making to boost efficiency, flexibility and TCO.

To highlight the benefits of Intel MFP in the datacenter, an Intel case study conducted with Tencent, the leading provider of cloud services in the APAC region, identified a five-fold improvement in DIMM failure prediction and reduced downtime, as well as fewer unnecessary DIMM replacement and upgrade expenses. A similar case study carried out by Intel with Meituan, the leading eCommerce services provider in the APAC region, revealed that Intel MFP could enable Meituan to reduce server crashes caused by memory failure by up to 40% through intelligent analysis of server memory health and proactive memory failure prediction.

Sanjoy Maity, Chief Executive Officer of AMI, commented that "AMI is commited to adopting ground-breaking technologies from industry drivers like Intel that make our products more relevant and effective for datacenter and cloud services end-users. This commitment has been a key component of our long-standing and successful relationship with Intel from the very beginning. Now, our new Aptio V IntelMfpSupport eModule and MegaRAC BMC Firmware Option Pack featuring lntel MFP support are a simple and effective way for OEMs and ODMs to add enhanced DDRAM failure prediction capabilities into their designs and deliver the improved RAS and SLAs that their customers demand."

"Improving server uptime and lowering TCO is a core component of our mission to support the datacenter and cloud services ecosystems," said Jeff Klaus, General Manager, Data Center Management Solutions Group at Intel. "AMI's distribution and support for Intel MFP technology in its Aptio V UEFI and MegaRAC BMC firmware solutions will help datacenter operators focus on delivering differentiated services and help avoid costly, disruptive memory failure-related downtime."

For more information on the Aptio V IntelMfpSupport eModule and MegaRAC BMC Firmware Option Pack featuring Intel MFP capabilities, please call 1-800-828-9264 to speak with an AMI expert or contact us via https://ami.com/en/contact-us/.

Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Memory failure prediction results provided through the use of Intel MFP are estimated and may vary based on differences in system hardware, software, or configuration. Results are derived using multi-dimensional models and algorithms to predict potential memory failures and do not constitute a representation or guarantee regarding memory failure.

AMI Joins Industry Leaders in Cloud Security Industry Summit (CSIS) Publication to Promote BMC Security Best Practices

November 13, 2020:

DULUTH, GEORGIA - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to announce its participation in a recent publication on BMC security best practices and Hardware Root of Trust (HRoT) / Platform Root of Trust (PRoT) released by the Cloud Security Industry Summit (CSIS), a group of cloud service providers facilitated by Intel® Corporation who share a mission to align on a vision and approach to developing best-of-breed security solutions for their industry.

The paper is titled "A Case for a Trustworthy BMC" and outlines the current state of known hardware vulnerabilities in BMCs, providing a breakdown of its different layers, including hardware, firmware, OS, applications and services so readers can better understand potential threat vectors and risks. It also discusses the landscape of currently available BMC security solutions and provides recommended guidelines and approaches for bolstering BMC security, including a helpful Recommendation Checklist for cloud providers and other interested parties. The paper concludes with a look to future developments as well as some promising trends in the ecosystem and is available now for download on the CSIS website at https://www.cloudsecurityindustrysummit.org/#documents.

In addition to contributing its hardware and platform security expertise to CSIS, AMI offers several security solutions for BMC hardware for true BMC HRoT / PRoT - including a new Security Tech Pack for its popular MegaRAC® SP-X BMC Firmware.

MegaRAC SP-X is a powerful server management solution composed of firmware and software components based on industry standards like IPMI 2.0, Restful APIs, SMASH, Serial over LAN (SOL) and key serviceability features like remote presence, CIM profiles and advanced automation. It is available for all the major System-On-Chip (SoC) designs and supports Intel® / AMD x86, Arm® 64 (including Ampere eMAG™, Marvell and Qualcomm) and IBM POWER® 8/9 architectures.

MegaRAC SP-X also features a high level of modularity, with the ability to easily configure and build the firmware image by selecting features using an intuitive graphical development tool chain. These features are available in independently maintained Technology Packages, for superior manageability of the firmware stack and an expandable solution that supports hooks which allow for OEM customization on top of the AMI solution.

Stefano Righi, Vice President of Global Software, Security Engineering & Services at AMI, commented in this way: "In recent years, AMI has strongly focused its efforts in platform security by integrating the BMC as a core component of PRoT, developing several innovative new products that deliver this capability. Many of our innovations are founded on the concept of the BMC essentially taking the role of ensuring RoT for the entire platform - including the system BIOS firmware, such as our Aptio® V UEFI Firmware. In this way, AMI can deliver increased functionality and value with MegaRAC SP-X and its Security Tech Pack, as it provides RoT support all the way to system firmware like Aptio V."

"AMI is grateful for the opportunity to collaborate with security thought leaders at CSIS and contribute to moving the industry forward together on BMC and cloud security best practices," said Eric Johnson, Engineering Manager of Global Software, Security Engineering & Services at AMI and a contributor to the CSIS workgroup that issued the report. "This document provides meaningful insight into the current state of BMC security and optimism that the challenges can be met – all in a way that that cloud providers can easily grasp and apply."

For more information on AMI Security Solutions for BMC Firmware, including MegaRAC SP-X BMC Firmware and its new Security Tech Pack, please contact AMI via https://ami.com/en/contact-us/ or call 1-800-828-9264.

About the Cloud Security Industry Summit:
The Cloud Security Industry Summit (CSIS) is a group of Cloud Service Providers, with a mission to align on a vision and approach to developing best-of-breed security solutions. The group includes members from top Cloud Service Providers, partnering as an industry team and evolving a coordinated approach for improving cloud security from component to system to solution.

All trademarks and registered trademarks are the property of their owners in the US and other countries.

AMI in the News

TOP