Abstract: Embodiments allow for multiple instances of a state machine to connect with multiple clients. Additionally, a plurality of connection states, while maintaining a connection with a single physical client device, may support multiple modes. For example, a wireless peripheral device determines whether it is paired with a client device and connects if it is, by selecting a saved long term bonding key, based on a user selected device mode. When a scan timeout expires, the device switches to another saved bonding key. When an overall connection timeout expires, these steps repeat. If the device is not already paired, it pairs with a client by setting long term paring key generation key(s), bonding with the client using the generation key(s) to generate a paring key, distributing the pairing key to the client, and saving the pairing key, as a bonding key, based on user selected device mode.

Abstract: Managing firmware updates of an information handling system (IHS), including performing, at a first time, a calibration and configuration of a firmware update risk model, including: identifying predictor data associated with a plurality of IHS; training, based on the predictor data, the firmware update risk model, including generating a configuration policy including configuration rules, the configuration rules for performing computer-implemented actions responsive to a firmware update; receiving, at a second time, the firmware update at a particular IHS, and in response: identifying particular predictor data of the particular IHS; in response to identifying the particular predicator data of the particular IHS, i) accessing the firmware update risk model including the configuration policy, ii) identifying one or more of the configuration rules based on the identified particular predicator data, and iii) applying the one or more configuration rules to perform computer-implemented actions responsive to receivin

Abstract: Managing firmware updates of an information handling system (IHS), including performing, at a first time, a calibration and configuration of a firmware update risk model, including: identifying predictor data associated with a plurality of IHS; training, based on the predictor data, the firmware update risk model, including generating a configuration policy including configuration rules, the configuration rules for performing computer-implemented actions responsive to a firmware update; receiving, at a second time, the firmware update at a particular IHS, and in response: identifying particular predictor data of the particular IHS; in response to identifying the particular predicator data of the particular IHS, i) accessing the firmware update risk model including the configuration policy, ii) identifying one or more of the configuration rules based on the identified particular predicator data, and iii) applying the one or more configuration rules to perform computer-implemented actions responsive to receivin

Abstract: An information handling system may include at least one processor, and a memory coupled to the at least one processor. The information handling system may be configured to: detect a problem during a boot of the information handling system; transmit telemetry data associated with the problem to at least one remote telemetry server, wherein the at least one remote telemetry server is configured to analyze the telemetry data and other telemetry data from other information handling systems; receive resolution instructions from the at least one remote telemetry server; and implement a resolution of the detected problem based on the resolution instructions.

Abstract: An information handling system may include at least one processor, a memory coupled to the at least one processor, and an information handling resource including a firmware. The information handling system may be configured to: boot into an operating system stored on the memory; after booting into the operating system, receive, from at least one remote server, information regarding a vulnerability associated with the firmware; based on a security policy, determine a resolution for mitigation of the vulnerability; and store information regarding the resolution in a storage location accessible to a preboot environment of the information handling system, wherein the preboot environment is configured to apply the resolution upon a subsequent boot of the information handling system.

Abstract: Embodiments of information handling systems (IHS) and computer implemented methods are disclosed herein to proactively restore missing firmware components to a computer readable storage device of an IHS. In one embodiment, a method may execute a first set of program instructions, before an operating system (OS) is loaded into a system memory of the IHS, to determine if one or more firmware components previously stored within the computer readable storage device is/are missing. If the first set of program instructions determines at least one firmware component is missing, the method may execute additional program instructions to retrieve a copy of the missing firmware component(s) from a remotely located system, and store the retrieved copy of the missing firmware component(s) within the computer readable storage device. The additional program instructions can be executed before the OS is loaded in some embodiments, and after the OS is loaded in other embodiments.

Abstract: Embodiments of information handling systems (IHS) and computer implemented methods are disclosed herein to restore system firmware to a selected restore point. In one embodiment, the IHS may include a computer readable non-volatile memory configured to store system firmware, a computer readable storage device configured to store an operating system (OS), a system registry, and an OS restore application, and a processing device configured to execute program instructions within the OS restore application to restore the system registry to a selected restore point and reboot the IHS. As the IHS is in the process of being rebooted, the processing device may execute program instructions within a firmware restore application stored within the computer readable non-volatile memory or the computer readable storage device to restore the system firmware to the selected restore point.

Abstract: Systems and methods for providing a tamper-proof, dual-boot Information Handling System (IHS) having Operating System (OS)-specific hardware and/or firmware components. In some embodiments, a method may include: producing, by an Embedded Controller (EC) of an IHS, a Real-Time Clock (RTC) battery-powered General-Purpose Input/Output (GPIO) control or external latch; applying the RTC battery-powered GPIO control to a chip select circuit; and selecting, via the chip select circuit: (i) a first flash memory configured to boot the IHS into a diagnostic mode or first OS, or (ii) a second flash memory configured to boot the IHS into a native OS.

Abstract: The present disclosure provides an information handling system (IHS) and related methods that use physical presence verification to establish unique trust relationships between boot firmware and one or more individual applications provided within an IHS. The IHS and methods disclosed herein provide secure verification of user physical presence by verifying the physical presence of a user during a pre-boot phase of the boot firmware (i.e., before an operating system (OS) is loaded and running). After user physical presence is verified during the pre-boot phase, the IHS and methods disclosed herein generate a physical presence (PP) bind token during OS runtime that may be used to establish a unique trust relationship between the boot firmware and one or more individual applications provided within the IHS.

Abstract: An information handling system may include at least one processor, a memory coupled to the at least one processor, and an information handling resource including a firmware. The information handling system may be configured to: boot into an operating system stored on the memory; after booting into the operating system, receive, from at least one remote server, information regarding a vulnerability associated with the firmware; based on a security policy, determine a resolution for mitigation of the vulnerability; and store information regarding the resolution in a storage location accessible to a preboot environment of the information handling system, wherein the preboot environment is configured to apply the resolution upon a subsequent boot of the information handling system.

Abstract: An information handling system may include at least one processor, and a memory coupled to the at least one processor. The information handling system may be configured to: detect a problem during a boot of the information handling system; transmit telemetry data associated with the problem to at least one remote telemetry server, wherein the at least one remote telemetry server is configured to analyze the telemetry data and other telemetry data from other information handling systems; receive resolution instructions from the at least one remote telemetry server; and implement a resolution of the detected problem based on the resolution instructions.

Abstract: Embodiments of information handling systems (IHS) and computer implemented methods are disclosed herein to proactively restore missing firmware components to a computer readable storage device of an IHS. In one embodiment, a method may execute a first set of program instructions, before an operating system (OS) is loaded into a system memory of the IHS, to determine if one or more firmware components previously stored within the computer readable storage device is/are missing. If the first set of program instructions determines at least one firmware component is missing, the method may execute additional program instructions to retrieve a copy of the missing firmware component(s) from a remotely located system, and store the retrieved copy of the missing firmware component(s) within the computer readable storage device. The additional program instructions can be executed before the OS is loaded in some embodiments, and after the OS is loaded in other embodiments.

Abstract: Embodiments of information handling systems (IHS) and computer implemented methods are disclosed herein to restore system firmware to a selected restore point. In one embodiment, the IHS may include a computer readable non-volatile memory configured to store system firmware, a computer readable storage device configured to store an operating system (OS), a system registry, and an OS restore application, and a processing device configured to execute program instructions within the OS restore application to restore the system registry to a selected restore point and reboot the IHS. As the IHS is in the process of being rebooted, the processing device may execute program instructions within a firmware restore application stored within the computer readable non-volatile memory or the computer readable storage device to restore the system firmware to the selected restore point.

Abstract: Systems and methods for providing pre-boot services in an Information Handling System (IHS) having Operating System (OS)-specific hardware and/or firmware components. In some embodiments, an IHS may include an Embedded Controller (EC), a first Operating System (OS)-specific chip coupled to the EC, and a second OS-specific chip coupled to the EC, where the EC is configured to cause the IHS to: in a first mode of operation, perform a first boot procedure using the first OS-specific chip; and in a second mode of operation, perform a second boot procedure using the second OS-specific chip.

Abstract: In one or more embodiments, a first operating system may receive, via a first non-volatile memory medium of an information handling system, an executable file from information handling system firmware; the executable file may provide configuration information to the first operating system; the first operating system may configure the information handling system based at least on the configuration information; a second operating system may be received; the second operating system may be installed to a second non-volatile memory medium; the executable file may provide the configuration information to the second operating system; and the second operating system may configure the information handling system based at least on the configuration information.

Abstract: Systems and methods to build a trusted HTTPS session on a limited pre-boot BIOS environment in an information handling system. The information handling system may include a BIOS that may be stored in a secure read-only region of a flash storage. The BIOS may download signed certification authority (CA) information from a server based on a target location that may be stored at the secure read-only region. The BIOS may authenticate the signed CA information based on a public key that may be stored at the secure read-only region. The BIOS may, when the signed CA information is authenticated, download a root CA chain from the server and authenticate the root CA chain. The BIOS may, when the root CA chain is authenticated, establish a secure encrypted transport layer security (TLS) session with the server based the root CA chain.

Abstract: Systems and methods to build a trusted HTTPS session on a limited pre-boot BIOS environment in an information handling system. The information handling system may include a BIOS that may be stored in a secure read-only region of a flash storage. The BIOS may download signed certification authority (CA) information from a server based on a target location that may be stored at the secure read-only region. The BIOS may authenticate the signed CA information based on a public key that may be stored at the secure read-only region. The BIOS may, when the signed CA information is authenticated, download a root CA chain from the server and authenticate the root CA chain. The BIOS may, when the root CA chain is authenticated, establish a secure encrypted transport layer security (TLS) session with the server based the root CA chain.

Abstract: Systems and methods for providing a tamper-proof, dual-boot Information Handling System (IHS) having Operating System (OS)-specific hardware and/or firmware components. In some embodiments, a method may include: producing, by an Embedded Controller (EC) of an IHS, a Real-Time Clock (RTC) battery-powered General-Purpose Input/Output (GPIO) control or external latch; applying the RTC battery-powered GPIO control to a chip select circuit; and selecting, via the chip select circuit: (i) a first flash memory configured to boot the IHS into a diagnostic mode or first OS, or (ii) a second flash memory configured to boot the IHS into a native OS.

Abstract: In one or more embodiments, a first operating system may receive, via a first non-volatile memory medium of an information handling system, an executable file from information handling system firmware; the executable file may provide configuration information to the first operating system; the first operating system may configure the information handling system based at least on the configuration information; a second operating system may be received; the second operating system may be installed to a second non-volatile memory medium; the executable file may provide the configuration information to the second operating system; and the second operating system may configure the information handling system based at least on the configuration information.

Abstract: The present disclosure provides an information handling system (IHS) and related methods that use physical presence verification to establish unique trust relationships between boot firmware and one or more individual applications provided within an IHS. The IHS and methods disclosed herein provide secure verification of user physical presence by verifying the physical presence of a user during a pre-boot phase of the boot firmware (i.e., before an operating system (OS) is loaded and running). After user physical presence is verified during the pre-boot phase, the IHS and methods disclosed herein generate a physical presence (PP) bind token during OS runtime that may be used to establish a unique trust relationship between the boot firmware and one or more individual applications provided within the IHS.