No video :(

Rack-Scale Security Attestation for the Oxide Cloud Computer

Подписаться 3,8 тыс.

Просмотров 5 тыс.

50% 1

Our server sleds don't have a BIOS/UEFI, it's a radical decision but it's part of a first-principles approach to security that along with our hardware root of trust and trust quorum ensures that the entire rack-level computer is securely attested to, not just individual components.

Опубликовано:

27 май 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 25

@friendlywavingrobot 2 месяца назад

"Speaking loudly in the data center" should be a new Oxide series

@captainobvious9188 2 месяца назад

The latency didn't go up for those disks though, they all be SSD!

@frankstevenson5013 2 месяца назад

Old habits die hard, from what I can tell the rack is running very quietly.

@KaneYork 2 месяца назад

And it can also attest that it's running "Oxide firmware as patched by this specific customer" and not "Oxide firmware as patched by Bureau of Evil"

@Sammi84 2 месяца назад

This man always sounds like he's speaking louder than the microphone can handle 😅

@JeffRAllenCH 2 месяца назад

His ideas are bigger than the microphone can handle! 🤯

@owenschwartz 2 месяца назад

Fantastic!

@hardcodes2166 2 месяца назад

When can those racks be bought in Germany?

@freax13 2 месяца назад

This is similar to TPM-style remote attestation but also including the firmware running beneath the host processor, isn't it?

@autohmae Месяц назад

Yes and you can get this already from other manufacturers, you can even go further, encrypted memory and workload identity (SPIFFE). But let's be clear, oxide firmware is probably simple and to the point and open source

@EightSixx 2 месяца назад

can you make a home server rack please?

@NanneWielinga 2 месяца назад

A mini homelab version would be interesting for Oxide development too

@modernsolutions6631 2 месяца назад

It makes no sense given how their current compute sleds work. They don't come with their own cooling, They don't come with standard networking ports, building a chassis to contain one or two sleds will be too expensive for any consumer.

@JNJNRobin1337 2 месяца назад

they'd only do it if they found it monetarily viable for them. if they make the cooling systems in-house though, they could find a market for selling that

@prdoyle Месяц назад

@@modernsolutions6631 None of that matters though.

@chmod0644 2 месяца назад

Handsome man, handsome server

@timeimp 2 месяца назад

iOS-style attestation from hardware in server equipment? Nice!

@AndrewMorris-wz1vq 2 месяца назад

Except one important step further. Opensource. So it can be truly audited and reviewed by more than just Apple.

@binaryguru 2 месяца назад

Do you offer actual hardware for purchase or is it just cloud? I'm not interested in cloud, data has to stay on location.

@oxidecomputercompany4540 2 месяца назад

Yes this is designed for you to purchase, own, and control on location!

@TheMohawkNinja 2 месяца назад

That's all well and good, but how can the end user trust that the Oxide firmware is itself perfectly safe and not compromised either from a malicious internal employee or (if we want to be really paranoid) that Oxide themselves isn't knowingly pushing out backdoored firmware? Do you open source your firmware to allow customers to audit it to ensure compliance with their own security needs? If not, then I don't see how this is all that much more secure than the proprietary blobs that Dell, HP, and the like supply with their servers.

@ahl0003 2 месяца назад

Yes. It’s all open source

@TheMohawkNinja 2 месяца назад

@ahl0003 Nice! That sounds like a pretty good setup then from a security standpoint.

@kpertsev 2 месяца назад

@@TheMohawkNinja It's a good setup from the security standpoint if you can rebuild the firmware from the source. Otherwise how can you be sure that what's on the github and in your sled is the same thing? But the rebuilt firmware has to be signed by Oxide, right?