超大规模 CPU 无影响固件更新.pdf

《超大规模 CPU 无影响固件更新.pdf》由会员分享，可在线阅读，更多相关《超大规模 CPU 无影响固件更新.pdf（9页珍藏版）》请在三个皮匠报告上搜索。

1、Giri Mudusuru,MicrosoftJustin King,AMDHyperscale CPU Impactless Firmware UpdatesHyperscale CPU Impactless Firmware UpdatesGiri Mudusuru,MicrosoftJustin King,AMDOPEN PLATFORM FIRMWARE(OPF)Hyperscale pain points-Frequent updates are necessary,but oDowntimes are painful and expensiveoPerformance can be

2、 impactedoUpdate scheduling and coordination can be inefficientoDivergent firmware update architectures induce process complexitiesOCP Solution Standardize impactless updates for processor FW,specifically targeting:IntroductionPhase 1Phase 3Phase 2Why Impactless Updates?Minimized DowntimeApply durin

3、g runtime without need for system reboots,ensuring continuous service availability and minimal disruption.Enhanced SecurityTimely application of security patches reduces vulnerabilities and improves system protection.Operational EfficiencyAvoiding reboot cycles reduces operational complexity and fin

4、ancial impact caused by service interruptions.High Service ReliabilityAllow hyper-scalers maintain stringent uptime requirements and improve reliability in multi-tenant environments.Deployment Agent(DA)provides updates to CPUs Impactless Update Function(IUF)oSilicon Vendor Firmware(for non-core micr

5、ocontrollers)supportedoMicrocode supportedoAt present,BIOS/UEFI updates are out of scope(not owned by silicon vendor)Updates can be performed either in-band or out-of-band(boot time choice)Firmware and Flow TypesHyperscalerDeploymentAgentHost SWRoot of TrustCPU Device IUFIn-BandOut-of-BandReturn Sta

6、tusPrepare UpdatePlace in memory,lockVerify Signature(s)Execute UpdateIUF uses SOCs Root of Trust to verify silicon vendors headers/signaturesoCustomer may provide optional header/signature also verified by RoToIUF/RoT produce attestation/measurements and upda