Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: In an approach, a processor receives input data comprising: (i) a code level for an update, (ii) a scheduled time for the update; (iii) a target system for the update, and (iv) authorization data, where the authorization data: (i) allows for scheduling of the update and (ii) is provided via a channel external from a connection to the target system without an inbound connection. A processor receives a set of data from the target system. A processor, responsive to receiving the set of data from the target system, sends a response packet to the target system that includes the input data. A processor receives, at the scheduled time, a request to process the update. A processor, responsive to the request, sends code for processing the update corresponding to the code level for the update. A processor receives status messages corresponding to progress of the update.

Abstract: In an approach, a processor receives input data comprising: (i) a code level for an update, (ii) a scheduled time for the update; (iii) a target system for the update, and (iv) authorization data, where the authorization data: (i) allows for scheduling of the update and (ii) is provided via a channel external from a connection to the target system without an inbound connection. A processor receives a set of data from the target system. A processor, responsive to receiving the set of data from the target system, sends a response packet to the target system that includes the input data. A processor receives, at the scheduled time, a request to process the update. A processor, responsive to the request, sends code for processing the update corresponding to the code level for the update. A processor receives status messages corresponding to progress of the update.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Embodiments include method, systems and computer program products for preventing unauthorized resource updates. In some embodiments, it may be determined that a mainframe computer is not within a service period. A control file may be obtained and decrypted. Using the decrypted control file, the mainframe computer may be determined to be authorized. An available resource update file may be selected based on a determination that the mainframe computer is authorized. An update to a resource of the mainframe computer may be facilitated based on the available resource update file.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Embodiments include method, systems and computer program products for preventing unauthorized resource updates. In some embodiments, it may be determined that a mainframe computer is not within a service period. A control file may be obtained and decrypted. Using the decrypted control file, the mainframe computer may be determined to be authorized. An available resource update file may be selected based on a determination that the mainframe computer is authorized. An update to a resource of the mainframe computer may be facilitated based on the available resource update file.

Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.

Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.

Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.

Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.