Abstract: An embodiment includes executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore. The embodiment also includes loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes receiving, by the bootloader, an encryption key from the keystore. The embodiment also includes performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel. The embodiment also includes executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.

Abstract: An embodiment includes executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore. The embodiment also includes loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes receiving, by the bootloader, an encryption key from the keystore. The embodiment also includes performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel. The embodiment also includes executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: A method of probing printed circuit boards that includes providing a circuit board design including a plurality of probe points, and selecting a probe point including a location ink from the plurality of probe points in the circuit board design to be probed on a physical printed circuit board design. The method continues with probing at least one probe point of the plurality of probe points with a probe that activates the location ink. Activation of the location ink by the probe indicates the selected probe point including the locating ink.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: An approach is provided in which an information handling system detects a reduced capacity on a PCIe link that interfaces a host system to a PCIe I/O expansion drawer over a first/second physical cable. The information handling system verifies a first/second connection to a first/second connector on the PCIe I/O expansion drawer, receives a first/second set of vital product data over the first/second physical cable, and determines that the first physical cable and the second physical cable are connected to the same PCIe I/O expansion drawer based on analyzing the first/second set of vital product data. The information handling system then suspends operation of one or more components corresponding to the PCIe link and trains the PCIe link to an increased capacity. In turn, the information handling system resumes operation of the one or more components and restores the PCIe link to the increased capacity.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: A method, system and computer program product are provided for implementing cable failover in multiple cable Peripheral Component Interconnect Express (PCIE) IO interconnections to an external IO enclosure. System firmware is provided for implementing health check functions for the PCIE IO interconnections to identify a faulted low byte cable. A cable failover mechanism recovers a PCI link to the external IO enclosure. A multiplexer logic is provided between the PCIE host bridge (PHB) and the cable connected to the IO enclosure to perform a full lane reversal of the PCIE lanes.

Abstract: A method, system and computer program product are provided for implementing cable failover in multiple cable Peripheral Component Interconnect Express (PCIE) IO interconnections to an external IO enclosure. System firmware is provided for implementing health check functions for the PCIE IO interconnections to identify a faulted low byte cable. A cable failover mechanism recovers a PCI link to the external IO enclosure. A multiplexer logic is provided between the PCIE host bridge (PHB) and the cable connected to the IO enclosure to perform a full lane reversal of the PCIE lanes.

Abstract: A method of probing printed circuit boards that includes providing a circuit board design including a plurality of probe points, and selecting a probe point including a location ink from the plurality of probe points in the circuit board design to be probed on a physical printed circuit board design. The method continues with probing at least one probe point of the plurality of probe points with a probe that activates the location ink. Activation of the location ink by the probe indicates the selected probe point including the locating ink.

Abstract: An approach is provided in which an information handling system detects a reduced capacity on a PCIe link that interfaces a host system to a PCIe I/O expansion drawer over a first/second physical cable. The information handling system verifies a first/second connection to a first/second connector on the PCIe I/O expansion drawer, receives a first/second set of vital product data over the first/second physical cable, and determines that the first physical cable and the second physical cable are connected to the same PCIe I/O expansion drawer based on analyzing the first/second set of vital product data. The information handling system then suspends operation of one or more components corresponding to the PCIe link and trains the PCIe link to an increased capacity. In turn, the information handling system resumes operation of the one or more components and restores the PCIe link to the increased capacity.

Abstract: A method of probing printed circuit boards that includes providing a circuit board design including a plurality of probe points, and selecting a probe point including a location ink from the plurality of probe points in the circuit board design to be probed on a physical printed circuit board design. The method continues with probing at least one probe point of the plurality of probe points with a probe that activates the location ink. Activation of the location ink by the probe indicates the selected probe point including the locating ink.

Abstract: An approach is provided in which an information handling system suspends operation of one or more components corresponding to a PCIe link that is operating at a reduced capacity. The information handling system then trains the PCIe link to an increased capacity while the one or more components are suspended in operation. In turn, the information handling system resumes operation of the one or more components and restores the PCIe link to the increased capacity.

Abstract: An approach is provided in which a host system receives a request to power down a selected I/O module located in a PCIe I/O expansion drawer. The host system identifies at least one cable card located in the host system that corresponds to the selected I/O module and transmits at least one set of sideband signals to the PCIe I/O expansion drawer through at least one set of PCIe cable links. The host system, in turn, inhibits the transmission of the at least one set of sideband signals to power down the selected I/O module.

Abstract: A method for determining cable connections identifies a plurality of cables connected to a link included in a first device. The method identifies a first cable connected to the link included in the first device. The method determines that a second cable connected to is connected to a link included in a second device The method further determines that only one of an inbound and an outbound channel of a signaling lane included in the first cable is operable. The method utilizes a second cable to perform one of disabling signal transmission or detecting loss of signal on the operable channel. The method enables and disables signal transmission on the operable channel to determine that the first cable is connected to the link included in the remote device.

Abstract: A method and a system for enabling communications on a signaling link include a first and a second device interconnected by the signaling link. The first device performs the method to acquire information from the second device. Based on the information acquired the first device determines to enable the signaling link for operational communications between the first device and the second device. A computer programming product instructs a computer to perform the method.

Abstract: A method of probing printed circuit boards that includes providing a circuit board design including a plurality of probe points, and selecting a probe point including a location ink from the plurality of probe points in the circuit board design to be probed on a physical printed circuit board design. The method continues with probing at least one probe point of the plurality of probe points with a probe that activates the location ink. Activation of the location ink by the probe indicates the selected probe point including the locating ink.