Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.

Abstract: A method disclosed herein relates to determining an inventory of a plurality of servers based on unique fingerprints and common fingerprints; creating a common set of installed firmware and a plurality of unique sets of installed firmware based on the inventory of the plurality of servers; creating subcategory sets of installed firmware based on the common set of installed firmware and categories of components included in the plurality of servers; obtaining updated versions of firmware corresponding to the subcategory sets of installed firmware and the unique sets of installed firmware; in response to an update request, creating containers for the updated versions of firmware corresponding to the subcategory sets of the installed firmware and the unique sets of installed firmware; and sending update messages to the plurality of servers including links to the respective containers.

Abstract: Examples disclosed herein relate to performing a security action based on a comparison of digital signatures. An intrusion detection mode is initiated by a baseboard management controller. A first digital signature of hardware devices is calculated during the activation of the intrusion detection mode. The first digital signature is stored. Upon detection of a trigger, a second digital signature is calculated for the current hardware devices. The digital signatures are compared. A security action is performed based on the comparison.

Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, performing an action.

Abstract: An example device includes a processor coupled to a network and a memory coupled to the processor. The memory includes computer code for causing the processor to establish a secure connection between a manageability application and an interconnect device, the interconnect device being in communication with a newly connected networked device; and securely communicate, from the manageability application to the interconnect device, temporary login information for the networked device.

Abstract: An example computing system in accordance with an aspect of the present disclosure includes a first controller and a second controller. The first controller is to verify integrity of a first root of trust (ROT), and generate an integrity signal indicating the results. The second controller is to verify integrity of a second ROT, write the firmware image to the first controller, and verify integrity of the written firmware image.

Abstract: In an example, a first metadata tag and a second metadata tag are added to first Personally Identifiable Information (PII) of a first user handled by a first application. The first PII is to be part of call home data captured from a hosting system. The first metadata tag may be indicative of security rules to be complied with for the first application and the second metadata tag may be indicative of security rules to be complied with for the first user. The first PII, the first metadata tag, and the second metadata tag may be protected and transmitted to a data processing center. The transmission may be in response to a determination to transmit the call home data.

Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.

Abstract: Examples disclosed herein relate to performing a security action based on a comparison of digital signatures. An intrusion detection mode is initiated by a baseboard management controller. A first digital signature of hardware devices is calculated during the activation of the intrusion detection mode. The first digital signature is stored. Upon detection of a trigger, a second digital signature is calculated for the current hardware devices. The digital signatures are compared. A security action is performed based on the comparison.

Abstract: Various aspects of the subject technology relate to methods, systems, and machine-readable media for selective erase of persistent and non-volatile memory (NVM) devices. The method includes receiving a notification of a deleted block, the deleted block including sensitive data located in a memory block of an NVM device. The method also includes marking an address of the deleted block as read protected to prevent reading of the deleted block. The method also includes assigning a criticality ranking and a wear out level to the deleted block. The method also includes prioritizing write commands to the deleted block based on the criticality ranking and the wear out level of the deleted block. The method also includes overwriting the deleted block with zeroes or a specific pattern to permanently erase the sensitive data.

Abstract: Examples disclosed herein relate to approaches for securing a computing system. A management controller is to monitor a plurality of parameters of monitored controllers. The management controller provides each of the controllers a key to update the parameters. The management controller includes a representation of the parameters. A current version of one of the parameters is received from one of the monitored controllers. It is determined whether an unauthorized modification occurred to the current version of the first parameter using the representation.

Abstract: Techniques for on-demand remote diagnostics for hardware component/device failure and disk drive data recovery using embedded media are described. In one example embodiment, a hardware device failure event alert along with a unique ID and a hardware device configuration fingerprint is sent upon detecting a hardware component failure event associated with the hardware device in a datacenter to an image management framework. A recovery image associated with the hardware device failure event is then obtained using the unique ID and the hardware device configuration fingerprint. The recovery image is then stored in an embedded storage media associated with the failed hardware device. The embedded storage media is then configured as a bootable hardware device. The hardware component failure is then diagnosed using the stored recovery image and the bootable hardware device upon hardware device boot-up. Recovering from the hardware device failure based on diagnosing the hardware component failure.

Abstract: Example implementations relate to secure update of firmware and software. For example, a method for providing secure firmware and software updates to a computing system includes receiving, by a management processor, an update request from a management station for the computing system, where the update request comprises update parameters indicative of components to be updated within the computing system. Further, the method includes storing details of the update request including the update parameters at a pre-defined memory location, where the update parameters include at least one certificate associated with the update request. The method also includes accessing, at least one of a firmware image and a software patch corresponding to the update request based on identification of the update parameters stored at the pre-defined memory location by an update manager, where the update manager has predefined access rights and privileges within an Operating System (OS) of the computing system.

Abstract: Examples disclosed herein relate to backing up persistent memory. There is at least one memory addressable by at least one processor. The persistent memory includes a persistent memory region with multiple portions. A secondary storage includes a first backup of the persistent memory region. Modifications to the persistent memory region are tracked. Updated portions associated with the modifications are written to the secondary storage.

Abstract: Techniques for detecting an early boot error are provided. In one aspect, a host processor may transition to a first phase of an early boot process. The early boot process may occur before the host processor initializes a primary link between the host processor and a management controller. The host processor may then update a dual purpose boot register to store an early boot phase identifier corresponding to the first phase and an early boot status identifier corresponding to the first phase.

Abstract: Examples disclosed herein relate to performing a security action based on a comparison of digital signatures. An intrusion detection mode is initiated by a baseboard management controller. A first digital signature of hardware devices is calculated during the activation of the intrusion detection mode. The first digital signature is stored. Upon detection of a trigger, a second digital signature is calculated for the current hardware devices. The digital signatures are compared. A security action is performed based on the comparison.

Abstract: Examples include an authenticated access to manageability hardware components in a computing device. Some examples enumerate manageability hardware components connected to an operative system kernel of the computing device, the manageability hardware components comprising a bus configuration space and the bus configuration space comprising memory map registers. Some examples include encoding an address stored in the memory map registers of each of the manageability hardware components to produce encoded address to control unauthorized accesses and locks the bus configuration space of each manageability hardware component by setting a read-only attribute to the bus configuration space. Some examples reprogram, in response to a request for access of an authenticated OS component to a manageability hardware component, the memory map register of the requested manageability hardware component with an accessible address to provide the authenticated OS component with access to the manageability hardware component.

Abstract: Example implementations relate to a server including a platform controller hub (PCH), where the PCH includes a peripheral device manager, a management processor coupled to the peripheral device manager, and a peripheral device interface to couple with a peripheral device and provide out of band access of the peripheral device via the management processor and peripheral device manager to a memory of the server.

Abstract: A method disclosed herein relates to determining an inventory of a plurality of servers based on unique fingerprints and common fingerprints; creating a common set of installed firmware and a plurality of unique sets of installed firmware based on the inventory of the plurality of servers; creating subcategory sets of installed firmware based on the common set of installed firmware and categories of components included in the plurality of servers; obtaining updated versions of firmware corresponding to the subcategory sets of installed firmware and the unique sets of installed firmware; in response to an update request, creating containers for the updated versions of firmware corresponding to the subcategory sets of the installed firmware and the unique sets of installed firmware; and sending update messages to the plurality of servers including links to the respective containers.

Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.