Assuring platform integrity is top-of-mind for platform owners. Hardware roots of trust can measure and attest to firmware integrity, but this is only one component of platform integrity in hyperscalar environments, which impose a number of practical design constraints. This talk gives an overview of Googles platform attestation framework, whose primary design goals consist of providing scalable recovery from firmware vulnerabilities, while amortizing engineering effort across multiple hardware devices and configurations. Subjects of interest include
Attestation policy content, generation, revocation, and enforcement.
Representing the physical model of complex platform topologies.
Contributions Google has made to OCP-recommended standards like SPDM and Redfish, to enable platform operators to directly verify attestations from a wide range of roots of trust.
