Root of Trust

RoT is where platform security starts

Kameleon’s ProSPU™ establishes a RoT from the very first boot process, guaranteeing the integrity of the platform, including peripherals connected to the system, and extending the chain of trust through every layer of the stack: boot, firmware load, OS runtime and the running applications.

Seamlessly integrate Kameleon’s ProSPU into your platform

  • Supporting any hardware architecture (Intel, AMD, ARM)
  • Platform Secure Boot for up to two processors on the motherboard (e.g., the CPU and the BMC)
  • Robust & secure firmware updates, including A/B support and golden image for increased resiliency, guaranteeing no bricking of the system
  • Customer configurable security policies
  • Platform ownership certificate, with ownership transitions support

Reduce Security Exposure

  • Protection against firmware tampering and persistence attacks, including policy-controlled rollback prevention
  • Peripheral attestation, including firmware integrity and policy compliance
  • A unique and unclonable PUF-based identity for every system and every component
  • Recovery of corrupt and/or compromised firmware
  • TPM integration for platform measured boot support

Ensure Audit and Compliance

  • First to market with full compliance with Open Compute Project (OCP) Security standards
  • Supply chain security starts at manufacturing and is maintained throughout the entire lifecycle
  • NIST 800-193 Platform Firmware Resiliency (PFR) compliance
  • Secure alerting via the BMC out-of-band secure channel

Runtime Protection

Holistic hardware-based protection that doesn’t end at boot

Unlike any other hardware security solution, Kameleon’s ProSPU™ protection doesn’t stop at boot. The ProSPU™ protects the operating system and applications on the server during runtime, ensuring not only that the platform starts secure, but that it stays secure throughout the lifecycle.

  • Kameleon’s patented “Moving Target Defense” protection for selected applications, to prevent Zero Day exploitation
  • Integrity monitoring of kernel and user apps, with configurable protection policies
  • Support for multiple flavors of Linux (i.e. CentOS, Red Hat)
  • A platform for 3rd party and operator-developed security add-ons, enabling easy extensibility with custom run-time protections
  • Cryptographic services (with support for isolated execution of SHA, HMAC, ECC, RSA and AES)

OCP Inspired

The Open Compute Project Foundation (OCP) was initiated in 2011 with a mission to apply the benefits of open source and open collaboration to hardware and rapidly increase the pace of innovation in, near and around the data center. Kameleon takes a leading role in the OCP Security Working Group, defining the RoT security guidelines.