Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Cloud Security

Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk) 118

Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. From a report on The Register: The document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the disclosure that: "We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level." That silicon works alongside cryptographic signatures employed "over low-level components like the BIOS, bootloader, kernel, and base operating system image." "These signatures can be validated during each boot or update," the document says, adding that "the components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip."
This discussion has been archived. No new comments can be posted.

Google Reveals Its Servers All Contain Custom Security Silicon

Comments Filter:
  • It won't stop a warrant or a subpoena...

  • Google has been designing and manufacturing their own data center motherboards for years. If a motherboard died in the rack, it was cheaper to leave it there. I knew that when I worked at the Google IT help desk in 2008 and built out a Google data center testbed in 2011.
    • by Desler ( 1608317 )

      This just in: Company employees will know things people outside the company don't. Film at 11!

      • This just in: Company employees will know things people outside the company don't.

        My knowledge of Google while working at Google came from the tech press and some books.

  • by Moskit ( 32486 ) on Monday January 16, 2017 @03:57PM (#53678551)

    Some hardware manufacturers seem to be doing so for quite some time, for various reasons. For example Cisco has been equipping its routers with such chips for many years:
    http://www.cisco.com/c/en/us/p... [cisco.com]

    They have a whole process for securely booting such devices:
    http://www.cisco.com/c/en/us/a... [cisco.com]

    Given increasing numbers of counterfeit manufactured devices and NSA tricks this is likely going to become more widespread.

    • by Anonymous Coward

      Some hardware manufacturers seem to be doing so for quite some time, for various reasons.

      "various reasons" is the real story: they implemented exclusion of counterfeit hardware _before_ they implemented secure boot. I wouldn't trust the secure boot stuff to be much good because clearly their motivation is shutting down counterfeit modules so they get paid, not security. I would expect by extrapolation the "secure" boot stuff is mostly license enforcement, not response to NSA.

      That would be another thing to ask Google: do your security promises hold up if all your network gear from American ve

  • ...and not even read the article before saying that you "designing" something doesn't mean you're also "manufacturing" it. What you design might be really cool but take into account (no pun) who is actually implementing that design for you and how those "tests" are going to pan out. Media releases of "we're so safe and on top" don't work anymore. Wait, yeah they do. Just like the evening news, they give people things to talk about around the water cooler.

    Good work with those designs!!!

Single tasking: Just Say No.

Working...