DULUTH, GEORGIA - AMI®, a global leader in powering, managing and securing the world's connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to announce its participation in a recent publication on BMC security best practices and Hardware Root of Trust (HRoT) / Platform Root of Trust (PRoT) released by the Cloud Security Industry Summit (CSIS), a group of cloud service providers facilitated by Intel® Corporation who share a mission to align on a vision and approach to developing best-of-breed security solutions for their industry.
The paper is titled "A Case for a Trustworthy BMC" and outlines the current state of known hardware vulnerabilities in BMCs, providing a breakdown of its different layers, including hardware, firmware, OS, applications and services so readers can better understand potential threat vectors and risks. It also discusses the landscape of currently available BMC security solutions and provides recommended guidelines and approaches for bolstering BMC security, including a helpful Recommendation Checklist for cloud providers and other interested parties. The paper concludes with a look to future developments as well as some promising trends in the ecosystem and is available now for download on the CSIS website at https://www.cloudsecurityindustrysummit.org/#documents.
In addition to contributing its hardware and platform security expertise to CSIS, AMI offers several security solutions for BMC hardware for true BMC HRoT / PRoT - including a new Security Tech Pack for its popular MegaRAC® SP-X BMC Firmware.
MegaRAC SP-X is a powerful server management solution composed of firmware and software components based on industry standards like IPMI 2.0, Restful APIs, SMASH, Serial over LAN (SOL) and key serviceability features like remote presence, CIM profiles and advanced automation. It is available for all the major System-On-Chip (SoC) designs and supports Intel® / AMD x86, Arm® 64 (including Ampere eMAG™, Marvell and Qualcomm) and IBM POWER® 8/9 architectures.
MegaRAC SP-X also features a high level of modularity, with the ability to easily configure and build the firmware image by selecting features using an intuitive graphical development tool chain. These features are available in independently maintained Technology Packages, for superior manageability of the firmware stack and an expandable solution that supports hooks which allow for OEM customization on top of the AMI solution.
Stefano Righi, Vice President of Global Software, Security Engineering & Services at AMI, commented in this way: "In recent years, AMI has strongly focused its efforts in platform security by integrating the BMC as a core component of PRoT, developing several innovative new products that deliver this capability. Many of our innovations are founded on the concept of the BMC essentially taking the role of ensuring RoT for the entire platform - including the system BIOS firmware, such as our Aptio® V UEFI Firmware. In this way, AMI can deliver increased functionality and value with MegaRAC SP-X and its Security Tech Pack, as it provides RoT support all the way to system firmware like Aptio V."
"AMI is grateful for the opportunity to collaborate with security thought leaders at CSIS and contribute to moving the industry forward together on BMC and cloud security best practices," said Eric Johnson, Engineering Manager of Global Software, Security Engineering & Services at AMI and a contributor to the CSIS workgroup that issued the report. "This document provides meaningful insight into the current state of BMC security and optimism that the challenges can be met – all in a way that that cloud providers can easily grasp and apply."
For more information on AMI Security Solutions for BMC Firmware, including MegaRAC SP-X BMC Firmware and its new Security Tech Pack, please contact AMI via https://ami.com/en/contact-us/ or call 1-800-828-9264.
About the Cloud Security Industry Summit: The Cloud Security Industry Summit (CSIS) is a group of Cloud Service Providers, with a mission to align on a vision and approach to developing best-of-breed security solutions. The group includes members from top Cloud Service Providers, partnering as an industry team and evolving a coordinated approach for improving cloud security from component to system to solution.
All trademarks and registered trademarks are the property of their owners in the US and other countries.
Founded in 1985 and known worldwide for AMIBIOS®, the mission of AMI is to power, manage and secure connected devices by providing best-in-class UEFI and remote management firmware, software and utilities to top-tier manufacturers of desktop, server, mobile and embedded/IoT systems. In line with its technology focus, AMI is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), the NIST National Cybersecurity Excellence Partnership (NCEP) and Trusted Computing Group (TCG). Headquartered in Duluth, Georgia, AMI has locations in the U.S., China, Germany, India, Japan, Korea, Taiwan and Hong Kong to better serve its customers.
For more information on AMI, its products or services, call 1-800-U-BUY-AMI or visit ami.com.
Statement of Liability: © 2020 AMI Product specifications are subject to change without notice. Products mentioned may be trademarks or registered trademarks of their respective companies. All rights reserved. No warranties are made, either express or implied, with regard to the contents of this work, its merchantability or fitness for a particular use. This publication contains proprietary information, which is protected by copyright. AMI reserves the right to update, change and/or modify this product at anytime.