Microsoft Corp. has unveiled a blueprint for special hardware that will be able to secure server firmware from hackers, and it wants the open-source community to help it out.

The software giant said the new chip and associated hardware will be able to protect firmware from some of the most dangerous threats around, including “malicious insiders,” who are often employees that have administrative privileges or access to hardware, and hackers and malware that exploit bugs in operating systems, applications and hypervisors. The chip could also protect against “supply chain attacks,” which are attempts by hackers to compromise hardware while it’s being manufactured, assembled or shipped.

To build the new chip, which is known as Project Cerberus, Microsoft is looking to use a similar process it used to design its newest cloud server hardware, by making the project open-source in its early stages. The company said things get done much more quickly with the help of external contributors.

Microsoft did this before in October 2016 when it launched Project Olympus, an open-source effort to build a server platform. This was different from earlier hardware-focused open-source projects such as the Facebook-led Open Compute Project, which only creates customized data center specifications rather than designing the actual hardware to be used.

When Microsoft announced Project Olympus, those server designs were only about halfway complete. However, Microsoft announced Wednesday that the server has now been finished, and the hardware is already running in some of its Azure data centers. It’s used to support Microsoft’s fastest cloud virtual machines – the Fv2 Virtual Machine family which is powered by Intel Corp.’s new Xeon Scalable processors and designed for resource-heavy workloads such as deep learning, genomics and scientific analysis.

As for Project Cerberus, this remains a work in progress, but Microsoft said the eventual outcome will be a chip sporting “hardware root of trust specifically designed to provide robust security for all platform firmware.” Microsoft said this includes firmware for motherboards and also peripheral device firmware. The initial blueprint only covers motherboard firmware, however.

“Project Cerberus consists of a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates,” Kushagra Vaid, Microsoft’s general manager for Azure hardware infrastructure, said in a blog post. “This enables robust pre-boot, boot-time and runtime integrity for all the firmware components in the system.”

Vaid added that Project Cerberus’s scope extends beyond data centers, as it will be able to secure firmware on just about any device including servers, computers and even “internet of things” devices.

Image: anandirc/flickr