{"id":917,"date":"2023-04-10T23:31:46","date_gmt":"2023-04-11T03:31:46","guid":{"rendered":"https:\/\/ami2025dev.wpenginepowered.com\/securing-arm-based-servers-with-platform-firmware-resiliency\/"},"modified":"2025-12-10T17:21:46","modified_gmt":"2025-12-10T17:21:46","slug":"securing-arm-based-servers-with-platform-firmware-resiliency","status":"publish","type":"project","link":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/","title":{"rendered":"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency"},"content":{"rendered":"<p>In a <a href=\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/ICT-Supply-Chain-Report_0.pdf\">February 2022 supply chain security report<\/a> issued by the Department of Homeland Security, platform firmware was referred to as, \u201cone of the stealthiest methods in which an attacker can compromise devices at scale.\u201d The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running on the operating system. Consequently, this quiet method of intrusion is on the rise today, with cyber criminals focused on potentially taking control of a wide array of platforms.<\/p>\n<h6><em>AMI Tektagon\u2122 XFR Platform Root of Trust (PRoT) Firmware Resilience on Arm-based Platforms<\/em><\/h6>\n<p>In order to secure platform firmware, the platform-agnostic <a href=\"https:\/\/www.ami.com\/tektagon\/\">AMI Tektagon<\/a> XFR PRoT solution is a perfect fit. This solution leverages the <a href=\"https:\/\/www.latticesemi.com\/Products\/FPGAandCPLD\/Mach-NX\">Lattice\u2122 Mach-NX<\/a> Series, a low-power FPGA Hardware Root of Trust (HRoT) controller to detect, recover and protect against host firmware intrusions for total firmware resiliency. Additionally, for heightened system security, AMI Tektagon XFR delivers firmware attestation to peripheral devices as well as those on the motherboard. This complete PRoT solution is offered across all major platforms including Arm-based systems.<\/p>\n<p>As cloud and on-premises data centers meet greater demands, it is crucial that there are more systems that can support the performance, scalability, and sustainability requirements with greater manageability. Meeting these demands are the Arm-based platforms, such as that provided in the <a href=\"https:\/\/amperecomputing.com\/processors\/ampere-altra\">Ampere Altra processor servers<\/a>. Architected to meet the greatest functionality demands, these Arm-based platforms can provide all the necessary components to support a fully resilient PRoT solution, on the motherboard as well as peripheral devices.<\/p>\n<h6><em>What will be Revealed by AMI and Arm at the OCP Regional Summit?<\/em><\/h6>\n<p>At the <a href=\"https:\/\/www.opencompute.org\/summit\/regional-summit\">Open Compute Project\u2019s Regional Summit<\/a> in Prague on April 19th and 20th, AMI and <a href=\"https:\/\/www.arm.com\/zh-TW\/markets\/computing-infrastructure\/high-performance-computing\">Arm<\/a> will reveal AMI Tektagon XFR, deployed on a <a href=\"https:\/\/www.broadcom.com\/products\/storage\">Broadcom PCIe Card<\/a> connected to an Arm-based, Ampere Alta processor platform. The solution will show a secure system boot with device attestation using SPDM for active system management.<\/p>\n<p>During the pre-boot phase, Tektagon XFR will initialize with the SPDM device to the Broadcom controller. Once the communication is established, the solution will verify the correct device manufacturer through a certificate exchange. Lastly, Tektagon XFR will run an attestation on signed measurements from the device, comparing it to known \u201cgood\u201d values. With a successful attestation, the system will be released to boot. If attestation is unsuccessful, the system will be held at reset.<\/p>\n<p>In addition to the demonstration, AMI and Arm will have a technical presentation about \u201cSecure System Design on Arm using Platform Root of Trust (PRoT).\u201d The session will be held at 9:30 am on April 20th.<\/p>\n<h6><em>Please Join AMI\u2019s Booth Number A15 for the Demo Experience<\/em><\/h6>\n<p>Interested in viewing this live demo? Participants can find this and other demonstrations in the AMI booth <strong>(A15)<\/strong>, at the OCP Regional Summit on April 19th and 20th. Stop by and engage with us for further discussions.<\/p>\n<h6><em>About AMI Tektagon XFR<\/em><\/h6>\n<p>AMI Tektagon XFR is a fully NIST 800-193 compliant integrated PRoT solution that is cost-effective, scalable, compatible, and easy to implement. The solution leverages a Lattice Mach-NX Series, a low-power FPGA controller to deliver pre-verified, PFR-compliant functionality, to a server\u2019s motherboard and peripheral devices. Features of the Tektagon XFR solution include image validation, firmware attestation, and recovery, to deliver full firmware resiliency.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a February 2022 supply chain security report issued by the Department of Homeland Security, platform firmware was referred to as, \u201cone of the stealthiest methods in which an attacker can compromise devices at scale.\u201d The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":918,"comment_status":"open","ping_status":"open","template":"","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"project_category":[1499],"project_tag":[1567,1546,1639,1635],"class_list":["post-917","project","type-project","status-publish","has-post-thumbnail","hentry","project_category-blog","project_tag-firmware","project_tag-firmware-security","project_tag-security","project_tag-tektagon","topics-tektagon"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.1 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Securing Arm\u00ae-based Servers with Platform Firmware Resiliency - AMI<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency\" \/>\n<meta property=\"og:description\" content=\"In a February 2022 supply chain security report issued by the Department of Homeland Security, platform firmware was referred to as, \u201cone of the stealthiest methods in which an attacker can compromise devices at scale.\u201d The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/\" \/>\n<meta property=\"og:site_name\" content=\"AMI\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T17:21:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"722\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@AMI_PR\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/\",\"url\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/\",\"name\":\"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency - AMI\",\"isPartOf\":{\"@id\":\"https:\/\/www.ami.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg\",\"datePublished\":\"2023-04-11T03:31:46+00:00\",\"dateModified\":\"2025-12-10T17:21:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg\",\"width\":1200,\"height\":722},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ami.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/www.ami.com\/project\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ami.com\/#website\",\"url\":\"https:\/\/www.ami.com\/\",\"name\":\"AMI\",\"description\":\"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware\",\"publisher\":{\"@id\":\"https:\/\/www.ami.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ami.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ami.com\/#organization\",\"name\":\"AMI\",\"url\":\"https:\/\/www.ami.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"width\":512,\"height\":512,\"caption\":\"AMI\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\",\"https:\/\/x.com\/AMI_PR\",\"https:\/\/www.linkedin.com\/company\/ami\",\"https:\/\/www.youtube.com\/c\/AMI_PR\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency - AMI","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/","og_locale":"en_US","og_type":"article","og_title":"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency","og_description":"In a February 2022 supply chain security report issued by the Department of Homeland Security, platform firmware was referred to as, \u201cone of the stealthiest methods in which an attacker can compromise devices at scale.\u201d The reason is that compromised firmware sitting on the device or system motherboard cannot be detected by security applications running [&hellip;]","og_url":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/","og_site_name":"AMI","article_publisher":"https:\/\/www.facebook.com\/TheWorldRunsonAMI#","article_modified_time":"2025-12-10T17:21:46+00:00","og_image":[{"width":1200,"height":722,"url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@AMI_PR","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/","url":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/","name":"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency - AMI","isPartOf":{"@id":"https:\/\/www.ami.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage"},"image":{"@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg","datePublished":"2023-04-11T03:31:46+00:00","dateModified":"2025-12-10T17:21:46+00:00","breadcrumb":{"@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#primaryimage","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/AMI-to-Showcase-Platform-Root-of-Trust-on-Arm\u00ae-based-Server.jpg","width":1200,"height":722},{"@type":"BreadcrumbList","@id":"https:\/\/www.ami.com\/resource\/securing-arm-based-servers-with-platform-firmware-resiliency\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ami.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/www.ami.com\/project\/"},{"@type":"ListItem","position":3,"name":"Securing Arm\u00ae-based Servers with Platform Firmware Resiliency"}]},{"@type":"WebSite","@id":"https:\/\/www.ami.com\/#website","url":"https:\/\/www.ami.com\/","name":"AMI","description":"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware","publisher":{"@id":"https:\/\/www.ami.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ami.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ami.com\/#organization","name":"AMI","url":"https:\/\/www.ami.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","width":512,"height":512,"caption":"AMI"},"image":{"@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/TheWorldRunsonAMI#","https:\/\/x.com\/AMI_PR","https:\/\/www.linkedin.com\/company\/ami","https:\/\/www.youtube.com\/c\/AMI_PR"]}]}},"_links":{"self":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project"}],"about":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/types\/project"}],"author":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/comments?post=917"}],"version-history":[{"count":0,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/917\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media\/918"}],"wp:attachment":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media?parent=917"}],"wp:term":[{"taxonomy":"project_category","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_category?post=917"},{"taxonomy":"project_tag","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_tag?post=917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}