Supply chain security for servers and chips at the heart of HPE and Intel collaboration
Hewlett Packard Enterprise Co. and Intel delivered a double-barreled announcement in early January when the two industry giants unveiled an expansion of the HPE ProLiant Gen11 next-generation portfolio and 4th Gen Xeon Scalable processors on the same day.
The timing of the two releases was not accidental. The latest iteration of the Xeon chip platform will power the latest HPE server line, integrating trusted security by design among numerous features for optimized server performance.
“This is just a moment in time when we’re all working toward solving a problem that doesn’t stop,” said Cole Humphreys (pictured, right), global server security product manager at HPE. “The more control and trust we can give to our customers will make it a little easier in protecting whatever job they are trying to do. Partnering with a tier one OEM, one of the best in the industry, we can deliver systems that help protect some of the most critical infrastructure on earth.”
Humphreys spoke with theCUBE industry analyst John Furrier during the “Trusted Security by Design, Compute Engineered for Your Hybrid World” event, in an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Mike Ferron-Jones (pictured, left), go-to-market lead of platform security and integrity at Intel, and they discussed how the two firms are collaborating to support supply chain safety. (* Disclosure below.)
Providing tamper-free processors
Both companies have been heavily focused on supply chain security. Maintaining the integrity of the supply chain has become increasingly important as systems have grown more complex, with significant numbers of components and suppliers involved.
“We have been intensely investing to make sure when a customer gets an Intel processor or any other Intel silicon product, it has not been tampered with or altered during its trip through the supply chain,” Ferron-Jones said. “HPE is able to pick up those components that we deliver and add onto that their own supply chain assurance when it comes down to delivering the final product to the customer.”
A key element in this process of supply chain protection involves an investment in hardware root of trust technology. With tools such as Intel Boot Guard providing hardware-based boot integrity, HPE can offer Integrated Lights-Out services that allow customers to securely configure and monitor servers seamlessly from anywhere in the world.
“HPE and Intel work together to make sure that when a customer boots that platform up, it boots up a known good state so that it is ready for the customer’s workload,” Ferron-Jones said. “Intel Boot Guard can feed into the HPE iLO system to help create that chain of trust that’s rooted in silicon.”
Avoiding software intrusion
In an effort to protect against various malware threats, Intel has implemented Control-Flow Enforcement Technology. Initially launched by the chipmaker in 2020, CET is designed to guard against the hijacking of legitimate code through the use of control-flow attacks.
Rather than injecting whole classes of malware that could be spotted by many security tools, threat actors can target small bits of code already on a system for exploitation. Attackers leverage control mechanisms to look for segments of server code they can then execute in a particular order to achieve a malicious outcome.
“What CET does is it gets in there and disrupts those control mechanisms,” Ferron-Jones said. “CET can disrupt it and make sure the software behaves safely and as the programmer intended. It’s going to be an inherent characteristic that customers can benefit from when they buy a new Gen11 HPE server.”
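A check that complements the hardware feature, as an added example that is not from the article, HPE or Intel: on Linux, toolchains record whether a binary is built for CET's two mechanisms, indirect branch tracking (IBT) and shadow stack (SHSTK), in the `.note.gnu.property` ELF note. The parser below reads that note from raw section bytes; it assumes little-endian x86-64 layout, and `make_note` builds constructed sample input.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT = 0x1    # indirect branch tracking
FEATURE_1_SHSTK = 0x2  # shadow stack

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def cet_features(note, pad=8):
    """Return CET markings found in raw .note.gnu.property bytes.
    pad is the property alignment: 8 for 64-bit ELF, 4 for 32-bit."""
    found = {"ibt": False, "shstk": False}
    off = 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        off += 12
        name = note[off:off + namesz]
        off += _align(namesz, 4)
        desc = note[off:off + descsz]
        if len(desc) < descsz:
            raise ValueError("truncated note descriptor")
        off += _align(descsz, pad)
        if name != b"GNU\x00" or ntype != NT_GNU_PROPERTY_TYPE_0:
            continue  # not a GNU property note
        p = 0
        while p + 8 <= len(desc):  # walk the property array
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            data = desc[p + 8:p + 8 + pr_datasz]
            if len(data) < pr_datasz:
                raise ValueError("truncated property")
            p += 8 + _align(pr_datasz, pad)
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz >= 4:
                bits = struct.unpack_from("<I", data)[0]
                found["ibt"] = bool(bits & FEATURE_1_IBT)
                found["shstk"] = bool(bits & FEATURE_1_SHSTK)
    return found

def make_note(bits):
    """Constructed sample: one GNU property note carrying the given feature bits."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits) + b"\x00" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\x00" + prop

if __name__ == "__main__":
    for label, bits in [("full CET", 0x3), ("IBT only", 0x1), ("unmarked", 0x0)]:
        print(label, cet_features(make_note(bits)))
```

A binary whose note lacks either bit is a candidate for rebuilding before relying on CET for that workload.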
HPE also relies on a series of activities built into its ProLiant production process to guard against potential supply chain incursion.
“As part of the Gen11 launch, we have security services that allow servers to be hardened from our factory to the next stage in the trusted partner ecosystem for system integration or directly to customers,” Humphreys said. “We’re putting in cryptographic identities and manifests of the server and its components and moving it through the supply chain. We deliver secure solutions as we move servers along, and you’re able to see and control that information to verify that they’ve not been tampered with.”
(* Disclosure: TheCUBE is a paid media partner for the “Trusted Security by Design, Compute Engineered for Your Hybrid World” event. Neither Hewlett Packard Enterprise Co., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)