Abstract: In accordance with embodiments of the present disclosure, a method may include: (i) retrieving a profile from a management controller of an information handling system, the management controller configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and the profile including data regarding a configuration of the management controller; (ii) comparing the profile to one or more golden profiles to determine whether security of the management controller has been compromised; (iii) responsive to the profile matching a golden profile of the one or more golden profiles, permitting the management controller to continue execution; and (iv) responsive to the profile failing to match a golden profile of the one or more golden profiles, taking remedial action with respect to the management controller.

Abstract: A method may include, by a program of instructions embodied in a read-only memory of a management controller communicatively coupled to a host system processor of an information handling system and configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, performing authenticity checks for each of a plurality of sequentially loaded software components of the management controller and controlling execution of the plurality of software components and access by the software components to one or more information handling resources of the information handling system based on the authenticity checks and a configurable policy associated with the management controller, wherein such control of execution and access permits execution of and access by those software components passing the authenticity checks in the event of failure by at least one of the software

Abstract: A management controller may be configured to control connectivity among a host system processor, a primary ROM, and a recovery ROM in accordance with a plurality of modes of operation including at least a normal mode that occurs in response to absence of a corruption of the ROM code in which the management controller causes the host system processor to be communicatively coupled to the primary ROM and communicatively decoupled from the recovery ROM, such that the host system processor loads and executes the ROM code during boot of the host system, and a primary ROM recovery mode that occurs in response to presence of the corruption of the ROM code in which the management controller causes the host system processor to be coupled to the primary ROM and the recovery ROM, such that the host system processor loads and executes the recovery code during boot of the host system.

Abstract: A method may include storing a first set of secrets associated with an information handling system in a credential vault of a management controller configured to be coupled to a processor of a host system of the information handling system in order to provide management of the information handling system via management traffic communicated between the management controller and an external management network such that the first set of secrets are accessible responsive to a verified boot of the management controller and storing a second set of secrets associated with the information handling system in a storage of a cryptoprocessor owned by the management controller such that access to the second set of secrets may be granted in response to an administrator's provision of authorization to the cryptoprocessor, and such that access to the second set of secrets is prevented during runtime of the host system in absence of authorization.

Abstract: An information handling system and method provides basic input/output system (BIOS) recovery. At a baseboard management controller (BMC), a basic input/output system (BIOS) boot failure is detected. A non-volatile memory device a recovery image is obtained. The recovery image comprises instructions to perform a system software management (SSM) task. The instructions to perform the SSM task are executed. The execution comprises loading a BIOS image from a BMC persistent storage memory device, verifying the BIOS image, and writing the BIOS image to a BIOS non-volatile memory device. The system and method may utilize a recovery flash memory device attached to the BMC, a recovery flash memory device attached to a southbridge portion of a chipset, or a combination thereof to perform the BIOS recovery.

Abstract: Systems and methods are disclosed that may be employed to calibrate current sense circuitry of CPU core voltage (Vcore) DC/DC voltage regulation circuitry by coupling an individual Vcore phase of a VR as a current source to a VSA phase of the same VR so that the Vcore phase acts as a current sink for the coupled Vcore phase during calibration of the current sense circuitry of the individual Vcore phase.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a management controller for providing out-of-band management facilities for management of the information handling system, the management controller configured to emulate a physical audio controller device for interfacing with an operating system executing on the processor such that the management controller proxies audio data between the operating system and one or more audio devices.

Abstract: Systems and methods are disclosed for securing an information handling system. A method for securing an information handling system may include securing the information handling system in an enclosure with a locking mechanism of a bezel; receiving a request to unlock the bezel at a baseboard management controller (BMC), the BMC communicatively coupled to the bezel; retrieving a first artifact stored in a trusted platform module (TPM) in response to the request; attempting to authorize the request using the first artifact; and unlocking the locking mechanism if the request is authorized.

Abstract: In accordance with embodiments of the present disclosure, a management controller configured to provide management-domain management of an information handling system may include a processor and a key management utility embodied in non-transitory computer-readable media. The key management utility may be configured to issue one or more commands to a cryptoprocessor for storing and sealing a key encryption key on the cryptoprocessor, wherein the key encryption key is for decrypting a media encryption key for encrypting and decrypting data stored to a storage resource of a host domain of the information handling system. The key management utility may also be configured to issue one or more commands to the cryptoprocessor for unsealing and retrieving the key encryption key from the cryptoprocessor.

Abstract: A method includes storing configuration data for a Trusted Platform Module (TPM) in a pre-boot environment such as Unified Extensible Firmware Interface (UEFI), reading the configuration data, and automatically configuring the TPM based upon the configuration data. The configuring includes storing values of TPM parameters in non-volatile memory of the TPM. A method includes UEFI firmware of a circuit board on an assembly line configuring a TPM. An information handling system includes UEFI firmware and a TPM. The UEFI firmware configures the TPM from a configuration file stored in memory of the UEFI firmware.

Abstract: A method may include in response to determining a host system is off, configuring a video controller of an information handling system including setting a display resolution of the video controller and writing management video data associated to a primary frame buffer such that management video data is able to be retrieved by the video controller for output to one or both of a first display associated with the host system and a second display of a management interface communicatively coupled to a management controller communicatively coupled to the processor and the memory and configured to provide out-of-band management of the information handling system. The method may further include in response to determining the host system is on, writing the management video data to an alternate frame buffer such that management video data is able to be retrieved by the video controller for output to the second display.

Abstract: In accordance with embodiments of the present disclosure, a method may include receiving a unique identifier associated with a host information handling system. The method may also include, responsive to receiving the unique identifier, communicating a signed unique identifier to the host information handling system, the signed unique identifier comprising the unique identifier signed with a private key. The method may further include enabling at least one of pre-boot access and root access by a client information handling system to an access controller responsive to the access controller decrypting the signed unique identifier with a public key corresponding to the private key and determining that the decrypted signed unique identifier and the unique identifier match.

Abstract: Systems and method for increasing current monitor accuracy are disclosed. The systems and methods may include receiving a run-time load value from a current monitor, determining a component parameter value associated with the run-time load value, and communicating the component parameter value to the current monitor.

Abstract: A method includes storing configuration data for a Trusted Platform Module (TPM) in a pre-boot environment such as Unified Extensible Firmware Interface (UEFI), reading the configuration data, and automatically configuring the TPM based upon the configuration data. The configuring includes storing values of TPM parameters in non-volatile memory of the TPM. A method includes UEFI firmware of a circuit board on an assembly line configuring a TPM. An information handling system includes UEFI firmware and a TPM. The UEFI firmware configures the TPM from a configuration file stored in memory of the UEFI firmware.

Abstract: An auxiliary power control system for enabling a software command that a management controller sends to the power supply to shut down auxiliary power. Such a power control system enables an AC cycle without needing to physically remove an AC power cord and provides additional power savings when a system is not in use. In certain embodiments, the auxiliary power control system includes a paradigm of a main power state, an auxiliary power state and a sub-auxiliary state. In this system many of the power states and wake vents apply to the auxiliary power state in addition to the main power state.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a management controller for providing out-of-band management facilities for management of the information handling system, the management controller configured to emulate a physical audio controller device for interfacing with an operating system executing on the processor such that the management controller proxies audio data between the operating system and one or more audio devices.

Abstract: Systems and method for increasing current monitor accuracy are disclosed. The systems and methods may include receiving a run-time load value from a current monitor, determining a component parameter value associated with the run-time load value, and communicating the component parameter value to the current monitor.

Abstract: An information handling system and method provides basic input/output system (BIOS) recovery. At a baseboard management controller (BMC), a basic input/output system (BIOS) boot failure is detected. A non-volatile memory device a recovery image is obtained. The recovery image comprises instructions to perform a system software management (SSM) task. The instructions to perform the SSM task are executed. The execution comprises loading a BIOS image from a BMC persistent storage memory device, verifying the BIOS image, and writing the BIOS image to a BIOS non-volatile memory device. The system and method may utilize a recovery flash memory device attached to the BMC, a recovery flash memory device attached to a southbridge portion of a chipset, or a combination thereof to perform the BIOS recovery.

Abstract: Systems and methods are disclosed that may be used for controlling information handling system power supply based on current system power policy such as current system load power need and/or based on current system load power capping information. The disclosed systems and methods may be so implemented to improve power use efficiency for information handling system applications in which a power supply unit (PSU) has a power delivery capability that is overprovisioned relative to the power-consuming system load component/s of an information handling system.

Abstract: In accordance with embodiments of the present disclosure, a method may include receiving a unique identifier associated with a host information handling system. The method may also include, responsive to receiving the unique identifier, communicating a signed unique identifier to the host information handling system, the signed unique identifier comprising the unique identifier signed with a private key. The method may further include enabling at least one of pre-boot access and root access by a client information handling system to an access controller responsive to the access controller decrypting the signed unique identifier with a public key corresponding to the private key and determining that the decrypted signed unique identifier and the unique identifier match.