How Alibaba Cloud’s PRoT810 Chip Redefines Server Hardware Security

1. Challenges of Data Center Server Hardware Security

With the rapid development of cloud computing and AI, server hardware faces unprecedented security challenges such as firmware, OS, and software tampering; exploitation of chip, firmware, and hypervisor vulnerabilities; supply‑chain attacks across production, manufacturing, assembly, and transportation; and risky operational practices by administrators. These threats demand more comprehensive, proactive hardware‑level protection.

2. From TPM Trust Root to Chip Trust Root to Platform Trust Root: Layered Security and Defense in Depth

Traditional servers rely on TPM/TCM as a hardware trust root, providing trusted storage and reporting but lacking active measurement and proactive protection, making them insufficient for complex data‑center risks. Recent chip vendors offer an internal root of trust (Silicon RoT) with boot verification, measurement, and key protection, yet these solutions focus on the chip itself and do not cover external platform components.

To fill this gap, Alibaba Cloud introduced the Server PRoT (Platform Root of Trust) architecture, adding an extra hardware security layer compatible with various CPU platforms and independent of BMC or CPU security designs.

3. Alibaba Cloud’s Self‑Developed Security Chip and Module

Security Chip: The PRoT810 chip, built on the XuanTie core with self‑designed IP, integrates a silicon trust root and physical protections. It offers platform‑level defenses such as SPI and SMBUS filtering, real‑time illegal instruction blocking, and TPM functionality.

Security Module: Based on PRoT810, the AliPRoT module provides active measurement, protection, recovery, and reporting for platform firmware, delivering trusted services in conjunction with the CIPU hardware security architecture.

4. Security Design from the Source

From the first line of ROM code to the running security firmware, all components are developed in‑house and signed via Alibaba Cloud’s firmware signing platform, ensuring trustworthiness. Enabling secure boot and TCG DICE features provides step‑by‑step verification and measurement, guaranteeing anti‑tamper protection.

5. Production‑Stage Enabling of PRoT Hardware Trusted Identity

During manufacturing, each PRoT device receives a unique hardware identity certificate (one‑chip‑one‑certificate), making the hardware identity verifiable and unforgeable, which underpins trusted services later on.

6. Pre‑Power‑On Active Measurement and Verification

Before the server powers on, AliPRoT boots ahead of other components while BMC and CPU remain in reset. It measures and verifies BMC and BIOS flash contents according to PFM rules, allowing boot only if the firmware matches expected values; otherwise, it triggers recovery using a protected Golden Image stored in a private trusted area.

7. Runtime Active Defense

Prior to BMC and CPU reset, PRoT enforces write protection on BMC and BIOS flash per PFM definitions, preventing unauthorized runtime writes. It also controls CPLD upgrades and provides real‑time protection for VR, PSU, and other components.

8. Runtime Dynamic Measurement

AliPRoT, as the platform’s upgrade trust root, re‑measures and verifies firmware during upgrades and periodically attests each iRoT component, collecting measurement data to provide timely trusted reports.

9. Runtime Platform Trusted Management and Services

AliPRoT integrates with Alibaba Cloud’s Trusted Management Platform to enforce authenticated firmware upgrades, blocking unauthorized operations even if the upgrade package is signed. It also incorporates traditional TPM/TCM functions to deliver trusted services for a zero‑trust cloud security architecture. CIPU interfaces with AliPRoT via dedicated secure protocols, aggregating trust measurements and reporting them to the cloud management platform, forming a closed‑loop security workflow.

10. Outcomes and Outlook

Firmware integrity verification ensures only validated firmware runs, preventing tampering or backdoors.

Real‑time firmware protection safeguards the underlying firmware even if the CPU or OS is compromised.

Trusted measurement and reporting mitigate supply‑chain attack risks, achieving platform‑wide trust.

Secure platform operations prevent insider operational risks, ensuring safe firmware management.

AliPRoT has been productized on Intel and AMD CPUs and supports ARM and RISC‑V architectures. In cloud environments, its deep integration with CIPU provides a hardware‑level security foundation for cloud computing, AI model inference, and training, guaranteeing data security and platform stability.

Its launch not only redefines data‑center server security standards but also marks a paradigm shift from passive defense to proactive hardware protection.