Google Infrastructure Security Design Overview

Mattias Geniar, January 16, 2017

This is quite a fascinating document highlighting everything (?) Google does to keep its infrastructure safe.

And to think we’re still trying to get our users to generate random, unique passphrases for every service.

Secure Boot Stack and Machine Identity

Google server machines use a variety of technologies to ensure that they are booting the correct software stack. We use cryptographic signatures over low-level components like the BIOS, bootloader, kernel, and base operating system image. These signatures can be validated during each boot or update. The components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip.

Each server machine in the data center has its own specific identity that can be tied to the hardware root of trust and the software with which the machine booted. This identity is used to authenticate API calls to and from low-level management services on the machine.

Source: Google Infrastructure Security Design Overview
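The boot chain and machine identity the quoted passage describes, as an added illustration (not Google's code): each component's signature is checked against a key held by the root of trust before it runs, the digests of what actually booted are folded into a per-machine identity, and that identity keys the authentication of management API calls. HMAC stands in for the asymmetric signatures used in practice so the example needs only the standard library; all keys and images are constructed sample values.

```python
import hashlib
import hmac

# Stand-in for the hardware root of trust (lockable firmware chip or security
# chip in Google's design): the key below is a constructed sample and, in a real
# machine, would never leave the chip. HMAC replaces the asymmetric signature.
ROOT_KEY = b"constructed-root-of-trust-key"
DEVICE_SECRET = b"constructed-per-machine-secret"

def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()

def verify(key: bytes, image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, image), sig)

def build_stages(images, key=ROOT_KEY):
    """Build-time step: every component is signed by the controlled key."""
    return [(name, img, sign(key, img)) for name, img in images]

def boot(stages, root_key=ROOT_KEY):
    """Boot-time step: BIOS -> bootloader -> kernel -> OS image. Each component's
    signature is checked before it runs and its digest is recorded (measured).
    Returns (booted_ok, measurements); a bad signature halts the chain."""
    measurements = []
    for name, image, sig in stages:
        if not verify(root_key, image, sig):
            return False, measurements  # tampered or unsigned component
        measurements.append(f"{name}:{hashlib.sha256(image).hexdigest()}")
    return True, measurements

def machine_identity(device_secret: bytes, measurements) -> bytes:
    """Identity bound to the hardware secret AND the exact software that booted:
    a machine running a different kernel derives a different identity, so it
    cannot present itself as a correctly booted one."""
    transcript = "|".join(measurements).encode()
    return hmac.new(device_secret, transcript, hashlib.sha256).digest()

def authenticate_call(identity: bytes, request: bytes) -> str:
    """Tag a management API request with the machine identity; the service
    recomputes the tag for the identity it expects of that machine."""
    return hmac.new(identity, request, hashlib.sha256).hexdigest()

GOOD_IMAGES = [("bios", b"bios-v1"), ("bootloader", b"bl-v1"),
               ("kernel", b"kernel-v1"), ("os", b"os-image-v1")]

if __name__ == "__main__":
    ok, measured = boot(build_stages(GOOD_IMAGES))
    ident = machine_identity(DEVICE_SECRET, measured)
    print(ok, authenticate_call(ident, b"GET /v1/machine/status")[:16])
```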