I'd like us (Rackspace) to publish a full whitepaper about what we have done, but I'll break down things into two topical areas:
1) Requiring signing of all firmware, and putting those firmware private keys under the control of Rackspace whenever possible.
2) Disabling systems of integration between the BMC and the operating system -- for example, we completely disable the HECI bus, removing a major surface area through which the operating system could affect the BMC.
I suspect the ideal state would be one with no firmware flashing at all: the various bits of hardware would have some version of the firmware in ROM and could load a replacement firmware into RAM, but never be able to store it in a PROM, thus guaranteeing that no malicious code could ever persist between tenants.
Probably a lot harder to arrange with hardware people though.
I guess my concern with signed firmware is that it's increasing the attack surface of the firmware by adding in crypto code. Identifying malicious code is going to be hard enough to start with, let alone hunting down its attack vector, let alone getting a decent fix from some vendor in a useful timeframe!
Strictly speaking, you can get traditional vendors to do firmware signing -- but getting them to put your public key in there will be more difficult. With volume, most of the big vendors will be... accommodating.
Dell's 12th generation PowerEdge for example has a pretty good baseline outlined here:
So that most of our hot data fits in RAM? I would expect the type of machine you guys are selling to come with 256Gb standard, to be honest (and the cost of another 128Gb of RAM is negligible -- I'd pay a couple more $ per day or whatever for it).