Google’s Custom Server Security Silicon

Simon Sharwood, writing for the Register [sic]:

Google has published a Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services.

Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary’s operations, none more so than the revelation that “we also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.”

That silicon works alongside cryptographic signatures employed “over low-level components like the BIOS, bootloader, kernel, and base operating system image.”

Via Charles Arthur who quipped:

Google is paranoid about people penetrating its security because it relies on peoples’ trust; without that it would be Yahoo.

Last year, Apple was rumoured to be designing its own server infrastructure with similar hardware-level verification and security components. I haven’t heard anything about the project since. I wonder if we’ll hear something about it later this year.