Once again we warmly welcome you to our latest blog post. Today we will deal with the topic of "Multilayered Security Features with AMD Ryzen". In the further course of this post we will deal with the multilayered security features of AMD "Zen" and "Zen 2" architectures.
Software and hardware based security
Many users are familiar with software-based security in the form of Windows firewall and common antivirus programs. Of course, these methods do their fair share of security, but these methods also fall flat should the hardware level be affected. That is why more and more chip manufacturers are going there and integrating features and systems into their processors to counteract this risk. In addition to the apparent security, the reason for this is the possibility of penetrating through such breaches to the OS level and thus bypassing software-based security systems. Because of this, we have an extensive product range consisting of the Ryzen series on webtropia.com introduced. An inexpensive solution for a dedicated server with all the security features described in this blog post. But what does AMD bring to the table? In the rest of the blog post we will deal separately with AMD's Hardware Based Security (HBS) and go into more detail about the details and security features.
AMD's "Hardware Root of Trust"
The expression "Root of Trust" should have come across some of you avid blog readers by now. One of our other partners also uses this technology in their own hardware. Brief explanation: A "Root of Trust" serves as a control level which is integrated in certain hardware. In the case of AMD, this level of control is a dedicated onboard chip. This checks whether the firmware is correct and has not been compromised by external influences. Since the "Zen" series, AMD has built a dedicated hardware security processor into every chip. And the Ryzen servers from webtropia.com also use this technology. The aforementioned dedicated hardware processor serves as the “Hardware Root of Trust” as indicated in the heading. This security chip is responsible for the firmware control described above. Should a malicious intervention take place, it will be denied access to further system levels. As soon as the initiated firmware and OEM BIOS have been authenticated, access authorizations are passed on in the command chain until they reach the top layer of the OS.
AMD "Memory Guard" and additional OS security
This feature is reserved for the Ryzen PRO series and serves as an extended security measure for particularly sensitive data carriers (related to workstations, servers, laptops, etc.). With the AMD Memory Guard, the entire system memory of the CPU is cryptographically encrypted by default. This means that even if the work device is completely compromised (e.g. theft), access to the software-based full hard disk encryption that is used as standard is denied. In plain language: The keys stored in the system memory for decrypting the hard disks are secured by a further encrypted layer. Now for the OS security. Microsoft and AMD work hand in hand to allow Windows 10 to implement the multilayered security features of AMD hardware even more effectively. In addition, Windows 10 “Virtualization Based Technology” (VBS) uses the AMD-V feature together with GMET to create a separate memory from the OS so that malicious external attacks cannot compromise the system memory. So secure your dedicated server infrastructure by another factor with AMD and the Ryzen servers from webtropia.com.
We hope that you have enjoyed reading this blog post again and that you have given you the odd “nugget of knowledge”.
Your team from webtropia.com!