How the immune system of domestic CPUs is refined

On April 19, 2016, General Secretary Xi Jinping stressed the need to establish a correct concept of network security, accelerate the construction of a security guarantee system for critical information infrastructure, and enhance network security defense and deterrence capabilities. The correct concept of network security, that is, the "overall national security concept" advocated by the general secretary, means that network security is holistic rather than fragmented, that network security affects national security as a whole, and that there is no national security without network security.

As we all know, security has become a core demand in the era of the intelligent internet of everything. The CPU is the ubiquitous cornerstone of computing power, so its own security is particularly important: if the CPU itself is not secure, network security cannot be achieved. On the sixth anniversary of General Secretary Xi Jinping's important "4.19" speech, a look at domestic CPU manufacturers shows that the degree of attention to and investment in security is uneven. Some manufacturers have begun to actively explore systematic, global CPU security mechanisms, pioneering standards for CPU security and realizing the intrinsic security of domestic computer systems from the bottom up, starting at the CPU level, like "vaccines" that build a solid security barrier for computers.

Daring to be first in CPU security

According to the "Mainland Internet Network Security Monitoring Data Analysis Report for the First Half of 2021" released by the National Internet Emergency Response Center (CNCERT), the National Information Security Vulnerability Sharing Platform (CNVD) recorded 13,083 general-purpose security vulnerabilities, an increase of 18.2% year-on-year. Among them, the number of zero-day vulnerabilities was 7107, accounting for 54.3% of the total number of vulnerabilities, a substantial increase of 55.1% year-on-year. At the time of disclosure, no patches or corresponding contingency measures had yet been released for these vulnerabilities, which seriously threatens the security of mainland cyberspace.

The severe network security situation poses greater challenges for domestic CPUs. Six years ago, the overall performance gap between domestic CPUs and those of foreign manufacturers was relatively large, and domestic chip manufacturers focused their research and development mainly on catching up in performance.

At that time, the Feiteng CPU was still a "newcomer" in the xinchuang circle, and few people knew about it. General Secretary Xi Jinping's important speech on April 19, 2016 made the Feiteng CPU R&D team realize that network security is a heavy responsibility, so in the development and design of follow-up products, in addition to focusing on performance breakthroughs, security was also raised to an extremely important position.

"Autonomy does not equal security, and high performance does not mean high security." Guo Yufeng, deputy general manager of Feiteng Information Technology Co., Ltd., said that in addition to independent forward design to block backdoors, CPU design also needs to be made immune to vulnerability risks through systematic active security design. This means exploring how to integrate the security design concept into every aspect of domestic CPU design, carrying the idea of security design through the entire processor design process, treating architecture, software and hardware as a whole, and truly implanting security into the "core" by preventing backdoors and plugging loopholes.

Preparation leads to success; lack of preparation leads to failure. Adhering to this security concept, and with the mission of "focusing on the core chips of information systems and supporting the development of national information security and industry", Feiteng spent 2016 to 2019 planning and formulating security architecture specifications and designing and developing trusted computing CPUs with active immunity. The Feiteng security technology team has conducted extensive research and cutting-edge exploration in processor security and related fields, covering processor security microarchitecture design, side-channel attack and defense, firmware security, virtualization security and many other directions. Daring to be first in pursuing security also laid a solid foundation for the Feiteng CPU to catch up in the xinchuang market.

PSPA "vaccine" builds a solid safety barrier

As the security cornerstone of the information system, how can the CPU really prevent backdoors and plug loopholes?

After more than three years of thinking, design and iteration, on December 19, 2019, PSPA1.0 (Phytium Security Platform Architecture), the first domestic processor security architecture specification, formulated by Feiteng, was officially unveiled. This was also the first time a domestic CPU company had released a CPU-level security architecture specification, realizing the intrinsic security of domestic computer systems from the CPU level. Trusted Computing 3.0 is the core defense technology specified by the mainland's Classified Protection 2.0 (dengbao 2.0) standard for network security, and Feiteng PSPA implements the security architecture of Trusted Computing 3.0, truly achieving security and trustworthiness "inside the core".

PSPA1.0 defines the hardware and software functions and attributes of a security processor in ten areas: cryptographic acceleration engine, key management, trusted boot, trusted execution environment, secure storage, firmware management, mass production injection, lifecycle management, anti-physical attack and hardware vulnerability immunity. It covers chip hardware design, firmware design, mass production and other stages, and gives comprehensive consideration and solutions for cryptographic algorithms, trusted computing, full-lifecycle management, attack resistance, production security and other aspects.

As can be seen from the report released by the National Internet Emergency Response Center (CNCERT), as cyber attacks become increasingly normalized and severe, security has become a "strong demand" in all walks of life. PSPA is like a "vaccine", building a solid security barrier for computers to protect data security.

It is worth noting that before the official release of PSPA1.0, Feiteng had already implemented the relevant requirements of PSPA1.0 in the design of the high-performance desktop chip FT-2000/4 and carried out experimental verification at the product level. The FT-2000/4, which debuted in September 2019, has a unique innovation in built-in security, providing effective support for trusted computing from the CPU level. The 8-core desktop CPU Feiteng Tengrui D2000, launched in December 2020, also supports the PSPA1.0 specification. These two CPUs have become Feiteng "star products", widely used in government affairs, finance, transportation, electricity and other important fields.

"CPU vaccine" application in progress

Once a vaccine has been developed, most people have to take it for it to strengthen the body's immunity. In the same way, only when the "CPU vaccine" is deployed in practice can it deliver its true value and truly safeguard network security.

Feiteng attaches great importance to building the ecosystem of the trusted computing industry. Relying on its self-defined security and trust architecture specifications and an increasingly rich range of security CPU products, Feiteng has joined hands with partners to expand the secure and trusted ecosystem, jointly create solutions for intrinsic security, and promote the construction of the xinchuang industry security system and the practical application of PSPA.

In 2021, Feiteng joined hands with Beijing Institute of Computer Technology and Application, Kirin Software, Trusted Huatai and CLP Technology to launch the PSPA Trusted Computing Joint Solution. Its aim is to solve overall trusted security problems from device hardware to firmware, operating systems and business applications, and to provide end-to-end secure and trusted computing solutions for key information infrastructure in government affairs, energy, transportation, finance and other industries. The solution has been applied in the computer terminals of the business management system of relevant departments. Based on the Feiteng Trusted Core, the project has built an on-chip root of trust and achieved an active-immunity defense capability. Beijing Institute of Computer Technology and Application, together with ecosystem partners, has developed a trusted computer terminal that meets the Trusted Computing 3.0 standard, based on the FT-2000/4 and the PSPA1.0 version of Feiteng's security specification, and the security mechanisms built into the CPU have been fully applied.

The joint solution represents the new-generation Trusted Computing 3.0 technology route of innovative hardware and software. Supported by built-in hardware such as the Feiteng CPU, it reduces dependence on external expansion, comprehensively improves computing performance, security, integration and compatibility, and truly realizes the deepest endogenous immunity. This greatly improves the availability and ease of use of Trusted Computing 3.0 software and hardware products, laying a solid foundation for the wide-scale application and promotion of trusted computing products.

In addition, Feiteng and Datang Gao Hongxin'an launched a trusted system joint solution based on the PSPA security architecture standard, which won the "Excellent Solution for Xinchuang Security" award issued by the "Xinchuang Working Committee" of the China Electronics Industry Standardization Technology Association.

"With the PSPA immune system, the security of computer terminals is more secure," said a Feiteng ecosystem partner.

PSPA 2.0 is coming soon

The digital economy will encompass all aspects of the economy, society and life, and information security will face unprecedented challenges. The outline of the 14th Five-Year Plan points out that it is necessary to maintain security in new areas and comprehensively strengthen the network security guarantee system and capacity building.

2022 is a key year for the implementation of the "14th Five-Year Plan". Feiteng will further strengthen its research into cutting-edge security technologies, including integrated security protection technology for processor microarchitecture, auxiliary security technology for virtualization scenarios, and physical security protection technology for high-security-level chips. Feiteng will also launch the PSPA2.0 specification, expanding the coverage of PSPA security mechanisms, strengthening the support they provide, further enhancing endogenous security capabilities, and effectively safeguarding information security.

It has been revealed that the PSPA 2.0 specification will first be used in the upcoming Feiteng Tenglong E2000. Feiteng's subsequent CPU designs, whether server-oriented (Feiteng Tengyun S series), desktop-oriented (Feiteng Tengrui D series) or embedded (Feiteng Tenglong E series), will fully support the PSPA2.0 security architecture specification, making the coverage of endogenous security technology more and more extensive.

Undoubtedly, with the continuous introduction of enhanced versions of the domestic CPU "vaccine", the stable operation of the independent computing power system will be rock solid.
