TPM as an API for attestation in big, distributed environments

Date Published: January 06, 2022

By Chris Fenner & Jeff Andersen, Google

Google’s data center platforms currently lean on proprietary Titan hardware and APIs to attest to platform integrity. These APIs provide advanced features like first-instruction integrity of platform firmware and self-attestation of Titan’s application firmware.

Titan hardware and APIs are complementary: for example, advanced self-attestation features are only possible because of the hardware capabilities of the Titan chip. However, this specialized hardware can only be leveraged by Google infrastructure through proprietary APIs, which presents a problem for Google when it aims to bring off-the-shelf hardware into its fleet.

In this talk, we present how Google approaches attestation in its data center fleet. We also propose new TPM APIs that, together with identity features like DICE, would provide security features similar to Google’s proprietary solutions. This would allow data center operators to rely on third-party roots of trust that support these enhanced security features, from a wide range of vendors, rather than on proprietary hardware or APIs.

Google’s Project PINT (Platform INTegrity) is an effort to advance the state of industry-standard platform integrity through open APIs. Project PINT complements other efforts to advance the state of industry RoT security, e.g., OpenTitan. Google is invested in contributing to transparency at both the hardware and API levels, envisioning a future where both are considered foundational.
