Platform Integrity Attestation at Scale
11-30, 23:20–23:40 (Europe/Berlin), PadSec

Assuring platform integrity is top-of-mind for platform owners. Hardware roots of trust can measure and attest to firmware integrity, but this is only one component of platform integrity in hyperscalar environments, which impose a number of practical design constraints. Constraints include scaling to a large fleet of machines, scaling to increasingly complex machines, and all while ensuring the high levels of availability and reliability required of our data center fleet.

This talk gives an overview of a platform attestation framework designed by Google, whose primary goals consist of providing scalable recovery from firmware vulnerabilities, while amortizing engineering effort across multiple hardware devices and configurations. Subjects of interest include:

  • Attestation policy content, generation, revocation, and enforcement.

  • Representing the physical model of complex platform topologies.

  • Contributions Google has made to standards like SPDM and Redfish, to enable platform operators to directly verify attestations from a wide range of roots of trust.

Jeff Andersen focuses on hyperscalar platform integrity solutions at Google. He has worked on Google's in-house Titan root-of-trust chip and is now looking to apply Google's domain experience to help advance the state of attestation APIs in the wider industry.

Jonathan has worked in the security industry since 2010, doing a variety of things related to abusing the security of systems. Currently, he is employed by Google to help secure its production data center servers.