Abstract: Presented are scalable systems and methods for dynamically and incrementally updating a file system to patch firmware in an embedded device deployed in the field. In various embodiments, advantageously, the update and release process of, e.g., Linux-based firmware may be accomplished by using a simplified patching process that updates the firmware without having to update or replace the entire file system. As a result, a patch, e.g., security fix to existing firmware in the field, can be provided to customers relatively quickly, e.g., prior to a full firmware release that incorporates the fix is made available later on, thereby, eliminating traditional, full-image upgrades that are subject to time consuming release cycles, space constraints, and other limitations.

Abstract: An in-band remote access controller access system includes a remote access controller. A Basic Input/Output System (BIOS) that is coupled to the remote access controller and includes a BIOS storage that stores a configuration table including a plurality of function definitions that are configured to provide for the management of an in-band communication session with the remote access controller. A secure storage system includes boot security information that is configured to provide for the performance of a managed boot of the BIOS. A processing system provides, to the remote access controller using at least one of the plurality of function definitions, application security information provided by an application requesting access to the remote access controller. The remote access controller authenticates the application security information using the boot security information and, in response, establishes a communication session with the application.

Abstract: A Common Information Module (CIM) interoperability system includes a server device coupled to a network. A remote access controller in the server device is coupled to server component(s), and includes a CIM provider coupled via a CIM provider communication subsystem to a REpresentational State Transfer (REST)-CIM provider. The REST-CIM provider receives a REST request generated by a client device and redirected to the REST-CIM provider by the server device, and converts the REST request to CIM request. The REST-CIM provider then makes a call to the CIM provider that includes the CIM request and is based on a type of HTTP method request in the REST request. When the REST-CIM provider receives a CIM response from the CIM provider, it converts Common Manageability Programming Interface (CMPI) response data in that CIM response to JavaScript Object Notation (JSON) objects, and provides the JSON objects to the server device.

Abstract: A method and data processing device for detecting connection of a second device at an interface of an IHS. The method includes receiving a request to modify at least one secure functionality associated with the IHS, the request comprising identification input. The method includes generating security credentials that correspond to a predetermined level of security that is assigned to the identification input. The method includes triggering the service processor to establish a secure communication link to the second device for communicatively connecting a digitally generated keyboard. The method includes autonomously inputting the security credentials to the digitally generated keyboard. The method includes signaling to the digitally generated keyboard to write the security credentials to the second device for use to obtain access to the IHS according to the predetermined level of security.

Abstract: A web-based graphical user interface system includes an embedded controller in a chassis that couples to a physical display device and input device, and creates a virtual display device and input device. When an input is received from the physical input device, the embedded controller generates a virtual input on the virtual input device. A chassis management controller in the chassis is coupled to the embedded controller, and views the virtual display device and input device as local devices. The chassis management controller may render a web-based graphical user interface and direct it to the virtual display device such that it is transmitted to the embedded controller for display on the physical display device. The chassis management controller may also identify the virtual input generated by the embedded controller on the virtual input device and, in response, translates the virtual input into a web-based graphical user interface event.

Abstract: A Common Information Module (CIM) interoperability system includes a server device coupled to a network. A remote access controller in the server device is coupled to server component(s), and includes a CIM provider coupled via a CIM provider communication subsystem to a REpresentational State Transfer (REST)-CIM provider. The REST-CIM provider receives a REST request generated by a client device and redirected to the REST-CIM provider by the server device, and converts the REST request to CIM request. The REST-CIM provider then makes a call to the CIM provider that includes the CIM request and is based on a type of HTTP method request in the REST request. When the REST-CIM provider receives a CIM response from the CIM provider, it converts Common Manageability Programming Interface (CMPI) response data in that CIM response to JavaScript Object Notation (JSON) objects, and provides the JSON objects to the server device.

Abstract: A web-based graphical user interface system includes an embedded controller in a chassis that couples to a physical display device and input device, and creates a virtual display device and input device. When an input is received from the physical input device, the embedded controller generates a virtual input on the virtual input device. A chassis management controller in the chassis is coupled to the embedded controller, and views the virtual display device and input device as local devices. The chassis management controller may render a web-based graphical user interface and direct it to the virtual display device such that it is transmitted to the embedded controller for display on the physical display device. The chassis management controller may also identify the virtual input generated by the embedded controller on the virtual input device and, in response, translates the virtual input into a web-based graphical user interface event.

Abstract: An in-band remote access controller access system includes a remote access controller. A Basic Input/Output System (BIOS) that is coupled to the remote access controller and includes a BIOS storage that stores a configuration table including a plurality of function definitions that are configured to provide for the management of an in-band communication session with the remote access controller. A secure storage system includes boot security information that is configured to provide for the performance of a managed boot of the BIOS. A processing system provides, to the remote access controller using at least one of the plurality of function definitions, application security information provided by an application requesting access to the remote access controller. The remote access controller authenticates the application security information using the boot security information and, in response, establishes a communication session with the application.

Abstract: A method and data processing device for detecting connection of a second device at an interface of an IHS. The method includes receiving a request to modify at least one secure functionality associated with the IHS, the request comprising identification input. The method includes generating security credentials that correspond to a predetermined level of security that is assigned to the identification input. The method includes triggering the service processor to establish a secure communication link to the second device for communicatively connecting a digitally generated keyboard. The method includes autonomously inputting the security credentials to the digitally generated keyboard. The method includes signaling to the digitally generated keyboard to write the security credentials to the second device for use to obtain access to the IHS according to the predetermined level of security.

Abstract: A method, an information handling system (IHS), and a system for capturing video data and serial data during an IHS failure. The method includes detecting, via a controller, an occurrence of a system event log (SEL) incident in the IHS. In response to detecting the occurrence of the SEL incident in the IHS, a data recording window is retrieved from a volatile controller memory. The data recording window contains video data and serial data for a time period up to a time of detection of the SEL incident. The method further includes storing the data recording window including the video data and the serial data for the time period to a non-volatile controller memory.

Abstract: A pair of servers may include a source server hosting a source virtual machine (VM) and a target server hosting a target VM. The source server may include a source central processing unit (CPU) and a source baseboard management controller (BMC), and the target server may include a target CPU and a target BMC. The source server and the target server are connected by an inband connection, and the source BMC and the target BMC are connected by a connection distinct from the inband connection. The source VM may be migrated to the target server over the inband connection, and in response to migrating the source VM, security data corresponding to the source VM is communicated from the source BMC to the target BMC over the connection between the BMCs.

Abstract: A method to enforce secure boot policy in an IHS configured with a plurality of virtual machines. The method includes detecting a request for a virtual machine to access a service processor. In response to detecting the request, the method includes triggering a handshake request between a hypervisor boot emulator and the service processor to initiate a sequence of authentication steps to access a corresponding secure partition of memory from among a plurality of secure partitions of memory associated with the service processor. Each secure partition of memory has a corresponding virtual platform key for preserving secure access to the corresponding secure partition of memory stored in a secure platform. The method further includes dynamically generating unlock keys, derived in part by the corresponding virtual platform key, to authenticate a requesting virtual machine as a valid virtual machine to obtain access to a corresponding secure partition of memory.

Abstract: Debugging operations may utilize a dedicated debug port associated with a baseboard management controller. The baseboard management controller executes software programming that eliminates any need for a debugging cable. The baseboard management controller also permits debugging between virtual machines.

Abstract: A pair of servers may include a source server hosting a source virtual machine (VM) and a target server hosting a target VM. The source server may include a source central processing unit (CPU) and a source baseboard management controller (BMC), and the target server may include a target CPU and a target BMC. The source server and the target server are connected by an inband connection, and the source BMC and the target BMC are connected by a connection distinct from the inband connection. The source VM may be migrated to the target server over the inband connection, and in response to migrating the source VM, security data corresponding to the source VM is communicated from the source BMC to the target BMC over the connection between the BMCs.

Abstract: Systems and methods are provided that may be implemented to securely load Unified Extensible Firmware Interface (UEFI) images (e.g., UEFI Applications, UEFI Drivers, UEFI firmware volumes, etc.) onto an information handling system from an authenticated (e.g., OEM authenticated) hardware image source device or “IO store” (e.g., such as USB device, network file system device, PCIe device, network storage, shared storage, dynamic RAM disk, etc.) based on a UEFI virtual device path that is mapped to an authenticated hardware device path that is established for the authenticated hardware image source device.

Abstract: Debugging operations may utilize a dedicated debug port associated with a baseboard management controller. The baseboard management controller executes software programming that eliminates any need for a debugging cable. The baseboard management controller also permits debugging between virtual machines.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a management controller communicatively coupled to the processor and configured to provide out-of-band management of the information handling system. The management controller may be further configured to receive video data from an external graphics controller external to a motherboard upon which the processor resides, wherein each of the external graphics controller and the management controller are endpoints of a root complex instantiated on the processor and forward the video data to a remote management console communicatively coupled to the management controller via a network.

Abstract: Service discovery is accomplished across a network with reduced traffic. Network devices often receive multicast discovery requests for various protocols and/or services, which increase network traffic and degrade network performance. Here, though, a server maintains a membership list for a particular protocol. The server populates the membership list with subnet devices that confirm the particular protocol. Whenever the server receives a discovery request associated with the protocol, the server need not clog its subnet with multicast requests. Instead, the server need only retrieve the membership list that is associated with the protocol. The membership list contains the subnet addresses assigned to the subnet devices that confirm the particular protocol.

Abstract: A remote secure drive access method includes receiving a first message from a second server. The message may be received by a baseboard management controller (BMC) of the first server via a PCIe switch from a second server coupled to the first server via an ExpEther connection. A payload of the message may include identification information identifying the second server. The first server may send an endpoint discover message and receive endpoint device information indicative of peripheral and/or endpoint resources of the second server, including a storage controller associated with a secure drive. Secure drive key information may be obtained from the payload of the first virtual message and sent to the second server to access the secure drive. The exchanged messages may comprise proprietary PCIe transaction layer packets enclosed within an Ethernet packet that includes an ExpEther frame within an Ethernet frame.

Abstract: A method to enforce secure boot policy in an IHS configured with a plurality of virtual machines. The method includes detecting a request for a virtual machine to access a service processor. In response to detecting the request, the method includes triggering a handshake request between a hypervisor boot emulator and the service processor to initiate a sequence of authentication steps to access a corresponding secure partition of memory from among a plurality of secure partitions of memory associated with the service processor. Each secure partition of memory has a corresponding virtual platform key for preserving secure access to the corresponding secure partition of memory stored in a secure platform. The method further includes dynamically generating unlock keys, derived in part by the corresponding virtual platform key, to authenticate a requesting virtual machine as a valid virtual machine to obtain access to a corresponding secure partition of memory.