hardware – Noise

New Attacks Against Secure Enclaves

Bruce Schneier — Mon, 10 Nov 2025 12:04:55 +0000

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before:

Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful...

Apple’s New Memory Integrity Enforcement

Bruce Schneier — Tue, 23 Sep 2025 11:07:17 +0000

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired:

In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bugs known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—even experienced and security-conscious developers—write software in ubiquitous, historic programming languages, like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities. That’s why proactive tools like ...

China Accuses Nvidia of Putting Backdoors into Their Chips

Bruce Schneier — Thu, 07 Aug 2025 11:05:39 +0000

The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s...

Analysis of the EPYC 145% performance gain in Cloudflare Gen 12 servers

JQ Lau — Tue, 15 Oct 2024 15:00:00 +0000

Cloudflare’s Gen 12 server is the most powerful and power efficient server that we have deployed to date. Through sensitivity analysis, we found that Cloudflare workloads continue to scale with higher core count and higher CPU frequency, as well as achieving a significant boost in performance with larger L3 cache per core.

Thermal design supporting Gen 12 hardware: cool, efficient and reliable

Leslye Paniagua — Mon, 07 Oct 2024 13:00:00 +0000

Great thermal solutions play a crucial role in hardware reliability and performance. Gen 12 servers have implemented an exhaustive thermal analysis to ensure optimal operations within a wide variety of temperature conditions and use cases. By implementing new design and control features for improved power efficiency on the compute nodes we also enabled the support of powerful accelerators to serve our customers.

Cloudflare’s 12th Generation servers — 145% more performant and 63% more efficient

JQ Lau — Wed, 25 Sep 2024 13:00:00 +0000

Cloudflare is thrilled to announce the general deployment of our next generation of server — Gen 12 powered by AMD Genoa-X processors. This new generation of server focuses on delivering exceptional performance across all Cloudflare services, enhanced support for AI/ML workloads, significant strides in power efficiency, and improved security features.

Eliminating hardware with Load Balancing and Cloudflare One

Noah Crouch — Tue, 16 Jul 2024 13:00:44 +0000

Cloudflare is adding support for end-to-end private traffic flows to our local traffic management (LTM) load balancing solution, and allowing for the replacement of hardware load balancers

Hardware Vulnerability in Apple’s M-Series Chips

Bruce Schneier — Thu, 28 Mar 2024 11:05:01 +0000

It’s yet another hardware side-channel attack:

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years...

Autonomous hardware diagnostics and recovery at scale

Jet Mariscal — Mon, 25 Mar 2024 13:00:33 +0000

Operating hardware in 310 cities in 120 countries means that hardware can break anywhere and anytime. Detecting and managing server failure at scale requires automation. Here's how we automated

Redefining fleet management at Cloudflare

Ryan De Lap — Tue, 19 Mar 2024 13:00:58 +0000

Growing pains were inevitable given the sheer pace of Cloudflare’s growth. Processes around server provisioning, maintenance windows, repairs, and diagnostics reporting were reaching their limits

Introducing the Project Argus Datacenter-ready Secure Control Module design specification

Xiaomin Shen — Mon, 16 Oct 2023 17:53:16 +0000

The DC-SCM (Datacenter-ready Secure Control Module) decouples server management from the server motherboard. It provides flexibility to implement multiple server management and security solutions with the same server motherboard design

How Cloudflare is staying ahead of the AMD Zen vulnerability known as “Zenbleed”

Derek Chamorro — Tue, 25 Jul 2023 00:47:12 +0000

Zenbleed, tracked as CVE-2023-20593, is a flaw in the software that allows for the theft of data at a rate of 30kb per core, per second. This is more than fast enough to intercept private data as it passes through the processor

DDR4 memory organization and how it affects memory bandwidth

Xiaomin Shen — Wed, 19 Apr 2023 13:00:00 +0000

In this blog, we will study the concepts of memory rank and organization, and how memory rank and organization affect the memory bandwidth performance by reviewing some benchmarking test results

Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities

Chris Howells — Fri, 10 Mar 2023 14:00:00 +0000

We have a huge number of servers of varying kinds, from varying vendors, spread over 285 cities worldwide. We need to be able to rapidly deploy various types of firmware updates to all of them, reliably, and automatically, without any kind of manual intervention.

Armed to Boot: an enhancement to Arm’s Secure Boot chain

Derek Chamorro — Wed, 25 Jan 2023 14:00:00 +0000

Enhancing the Arm Secure Boot chain to improve platform security on modern systems.

A more sustainable end-of-life for your legacy hardware appliances with Cloudflare and Iron Mountain

May Ma — Wed, 14 Dec 2022 14:00:00 +0000

Introduce remarketing and recycling as the more sustainable ways of disposing of your legacy hardware appliances. And announce a partnership with Iron Mountain to make this journey easier and more cost beneficial for Cloudflare customers.

How we’re making Cloudflare’s infrastructure more sustainable

Rebecca Weekly — Wed, 14 Dec 2022 14:00:00 +0000

Our hardware sustainability initiative encapsulates using hardware components for as long as possible, recycling them responsibly when it is time to decommission them, and selecting the most power-efficient options for our workloads.

Successful Hack of Time-Triggered Ethernet

Bruce Schneier — Fri, 18 Nov 2022 15:04:41 +0000

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it:

On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center...

Let’s Architect! Architecting with custom chips and accelerators

Luca Mezzalira — Wed, 21 Sep 2022 16:51:53 +0000

It’s hard to imagine a world without computer chips. They are at the heart of the devices that we use to work and play every day. Currently, Amazon Web Services (AWS) is offering customers the next generation of computer chip, with lower cost, higher performance, and a reduced carbon footprint. This edition of Let’s Architect! […]

Levels of Assurance for DoD Microelectronics

Bruce Schneier — Mon, 29 Aug 2022 14:30:04 +0000

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics.

The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

The levels of hardware assurance are determined by the national impact caused by failure or subversion of the top-level system and the criticality of the component to that top-level system. The guidance helps programs acquire a better understanding of their system and components so that they can effectively mitigate against threats...