Hardware Security
Kunpeng servers abstract board hardware into several elements, including key interfaces, components/modules, PCB traces, silkscreens/identifiers, and the cover. Based on the STRIDE threat analysis methodology, Kunpeng server board security is designed around these elements, which increases the difficulty of local (physical-access) attacks, protects key data, and minimizes the attack surface.
Overview of hardware security threats

| Hardware Element | Spoofing (S) | Tampering (T) | Repudiation (R) | Information Disclosure (I) | DoS (D) | Elevation of Privilege (E) |
|---|---|---|---|---|---|---|
| Debugging interface | An attacker illegally accesses a board through the debugging interface. | An attacker tampers with system configuration and software through the debugging interface. | An attacker clears system access traces by deleting logs through the debugging interface. | An attacker illegally exports sensitive information such as passwords and keys, causing information disclosure. | An attacker implants unauthorized software or configuration data to cause board DoS. | An attacker obtains the board system access privilege through the debugging interface. |
| Service interface | An attacker illegally accesses a board through the service interface. | An attacker tampers with service data through the service interface or tampers with software through the upgrade channel. | An attacker's access to a board cannot be detected (no log is recorded in the system). | An attacker obtains sensitive information by mirroring unused service interfaces or copying data through storage interfaces. | An attacker injects a large amount of data into the service interface to cause board DoS. | An attacker changes from a common user to an administrator to launch in-depth attacks on the board system. |
| Component/Module | An attacker replaces chips (such as flash) to launch attacks. | An attacker replaces chips or changes the chip execution process through fault injection (such as clock and voltage faults). | An attacker bypasses the board log recording system through side-channel attacks (such as power consumption and electromagnetic attacks). | An attacker obtains sensitive board information through fault injection, side-channel attacks, and physical attacks (such as probe detection). | An attacker launches DoS attacks on boards through physical attacks. | An attacker launches privilege elevation attacks through fault injection. |
| PCB trace | / | An attacker tampers with data through physical attacks (such as probes). | / | An attacker obtains the internal data transmission flow of a board through physical attacks (such as probe attacks) to obtain sensitive information of the board. | An attacker blocks and disturbs data flows transmitted along PCB traces through physical attacks, causing board DoS. | / |
| Silkscreens/Identifiers | / | / | / | An attacker identifies various functional modules, buses, and interfaces based on PCB silkscreens and identifiers, and launches targeted attacks. | / | / |
| Cover | An attacker illegally opens the cover to access internal components of a board. | An attacker disassembles the cover. | An attacker disassembles the cover without leaving any trace. | / | / | / |

A "/" in the table means no threat of that STRIDE category applies to the element.
The Kunpeng server has a hardware root of trust (RoT) capability in core components such as the Kunpeng processor, iBMC chip, and network controller. It supports trusted computing based on the hardware RoT, supports TCM and TPM chips/modules in its compatibility design, and has a physical tampering defense capability.
Kunpeng server boards are designed and developed in strict accordance with the Board Hardware Trustworthiness and Security Design Specifications, and have passed Huawei's ICSL verification. Hardware trustworthiness is implemented throughout the process, including architecture design, component selection, schematic diagram design, PCB design, and server design.
In the board hardware interface security design, debugging interfaces (such as the debugging serial port and the debugging JTAG interface) can be disabled. To protect interfaces and signals that carry sensitive data, hardware measures such as inner-layer PCB traces, scattered traces for critical signals, hardware-based encryption and decryption, and hardware write protection are used, preventing attackers from obtaining sensitive data through storage and debugging interfaces. Service interface chips support data encryption and decryption and access authentication. Chips that store sensitive data use ball grid array (BGA) packaging and an anti-dismantle package design. Core circuits are routed in strict accordance with the specifications. Critical power management signals are protected against side-channel attacks. Function silkscreens or identifiers that are not required by service functions are removed from the PCB. Together, these measures reduce near-end (physical-access) hardware attacks, protect key data, and minimize the attack surface.