9.3 C
New York
Wednesday, November 27, 2024

Microsoft Azure confidential ledger: Enhancing buyer belief in Azure’s {hardware} provide chain | Azure Weblog


Microsoft Azure {hardware}’s safety posture is foundational to the safety guarantees we make to our prospects. The availability chain of Microsoft Azure servers depends on a multifaceted and complicated ecosystem of companions throughout silicon manufacturing, meeting, techniques integration, transit, and operationalization in knowledge facilities. A number of interplay factors throughout this provide chain pose vital threats to the safety and integrity of an Azure server touchdown in manufacturing. These dangers embrace firmware tampering, {hardware} tampering, set up of malicious code or spyware and adware, weakened safety controls, and lots of extra. We at Microsoft consider it’s crucial to construct mechanisms to proactively detect and remediate such points throughout the early phases of product improvement or earlier than servers dock in an information heart.  

{Hardware} Root-of-Belief (RoT) units resembling Cerberus and Trusted Platform Module are the cornerstone for establishing foundational belief on {hardware} elements in our cloud. This ensures the authenticity and integrity of those elements and their firmware with traceability all the best way again to silicon manufacturing. One of the best ways to perform our goal is to confirm “provenance” of our servers all through their lifecycle from manufacturing unit to manufacturing utilizing {hardware} RoT gadget identities. In the course of the silicon manufacturing course of, the gadget id is securely extracted and annotated to uniquely establish trusted units. This mitigates the chance of “rogue” units discovering their approach into the Azure fleet undetected (Determine 1). Lenovo is considered one of our main provider companions which are pushing the boundaries of safe provide chain with us.

To additional defend these {hardware} RoT identities on which we anchor the chain of belief, we leverage the energy of enclaves and the Confidential Consortium Framework with Microsoft Azure confidential ledger to integrity-protect our provider provenance database. Study extra about our firmware integrity protections.

Azure confidential ledger integrity protects current databases and purposes by performing as a point-in-time supply of reality which supplies cryptographic proofs in verification eventualities. Particularly, saved knowledge is just not solely immutable and tamper-proof within the append-only ledger however can be independently verifiable. It is usually helpful as a repository of audit trails or data that must be saved intact and selectively shared with sure personas. Knowledge logged within the ledger stays immutable, privacy-enhanced, and shielded from insider threats inside a company and even the cloud supplier.  

On this state of affairs, Azure confidential ledger supplies industry-leading tamper-evidence capabilities to find out if any unauthorized manipulations have occurred with these delicate gadget identities. At completely different closing dates, verification checks are executed in opposition to the Azure confidential ledger to make sure that the information is constant and pristine. Utilizing this know-how additionally mitigates tampering dangers from extremely privileged Azure operators. 

Flowchart of Provenance Verification using Hardware Root-of-Trust Identities.
Determine 1: Azure confidential ledger protects provenance verification utilizing {hardware} root-of-trust identities. 

Azure confidential ledger is used to gentle up a crucial infrastructure safety state of affairs—Challenge Odyssey. Challenge Odyssey goals to cryptographically confirm the provenance of {hardware} RoT units (hooked up to servers) as they undertake their journey from OEM flooring to Microsoft Azure knowledge facilities and all through their manufacturing lifecycle. As a part of the manufacturing workflow, suppliers add a signed manifest of {hardware} RoT identities right into a trusted ‘provenance database’ that makes use of tamper-evident Azure confidential ledger integration. Because the units are assembled into elements, blades, and racks, their identities could be verified at every step of the availability chain course of. After lengthy journeys by air, land, and sea, the assembled racks arrive at Microsoft Knowledge Facilities the place they bear extra checks to make sure that they weren’t tampered with throughout transit. Lastly, when a server is prepared for manufacturing, it undergoes attestation the place its {hardware} RoT id could be re-verified earlier than permitting it to hitch the manufacturing atmosphere and host buyer workloads. Servers are anticipated to bear this course of periodically guaranteeing that the {hardware} elements keep compliant all through their lifecycle, thereby guaranteeing that malicious and unauthorized swapping of blades and motherboards is detected, and non-compliant servers could be tagged for eviction, investigation, and remediation. 

This is just one piece of our general {hardware} safety story. Microsoft Azure has developed complete safety necessities to allow safety capabilities resembling safe boot, safe replace, attestation, restoration, encryption, and telemetry to make sure Azure {hardware} is resilient to such assaults by way of strong capabilities round prevention, detection, and response.  

Learn extra about how we safe Microsoft Azure’s {hardware} and firmware

At Microsoft, a core a part of our tradition is leveraging the work of one another to ship industry-leading safety to our prospects with a protection in-depth method. Azure {hardware} gadget provenance and provide chain safety is a basic constructing block of our foundational safety stack. By means of cryptographic provenance verification of Azure {hardware} through Challenge Odyssey and extra defense-in-depth protections of {hardware} gadget identities utilizing Azure confidential ledger, we’re setting the gold normal in cloud {hardware} provide chain safety to learn our prospects.


“Lenovo’s key precedence is to confirm and make sure the end-to-end safety and traceability for Microsoft cloud {hardware}. By implementing this course of in each our element and system integration factories, not solely can we belief that the {hardware} we obtain from downstream ODM/OEM suppliers is secured and trusted, however we are able to add the Lenovo fingerprint knowledge to the chain of belief, which helps guarantee Microsoft that the {hardware} acquired by knowledge facilities is absolutely secured and reliable. 

Integrating this answer into the Lenovo international provide chain workflow was exceptionally easy due to the thorough documentation and examples that the Microsoft workforce maintains on an ongoing foundation. Assuring the integrity and traceability of information in Azure confidential ledger permits Lenovo to deal with course of and product high quality, with no need to spend additional improvement cycles engaged on an in-house safety answer.”—James McFadden, Government Director, Provide Chain High quality & Engineering, Lenovo.

Study extra



Related Articles

Latest Articles