Abstract: A RAID integrity verification system includes a chassis housing a software RAID subsystem that is coupled to storage devices and configured to provide a logical storage device using the storage devices. A management subsystem in the chassis is coupled to the storage devices and retrieves first RAID configuration information associated with the logical storage device from each of the storage devices and uses it to generate a first RAID logical storage device integrity verification measurement block. Subsequently, the management subsystem retrieves second RAID configuration information associated with the logical storage device from each of the storage devices and uses it to generate a second RAID logical storage device integrity verification measurement block.

Abstract: A software RAID/management communication system includes a chassis housing a software RAID subsystem coupled to a shared memory subsystem and storage devices, and a management subsystem that is coupled to the storage devices, and that is coupled to the shared memory subsystem via an MMBI connection. The management subsystem determines that at least one of the storage devices does not include a storage device memory subsystem that is configured for software RAID/management communications and, in response, transmits MCTP communications via the MMBI connection to retrieve RAID configuration information from the storage device(s) via the software RAID subsystem and the shared memory subsystem. The management subsystem then uses the RAID configuration information to perform at least one RAID management operation on at least one RAID logical storage device provided by the storage device(s).

Abstract: A software RAID/management communication system includes a chassis housing a software Redundant Array of Independent Disk (RAID) subsystem and a management subsystem that are each coupled to a storage device having a storage device memory subsystem. The software RAID subsystem provides a software RAID information request in the storage device memory subsystem that requests the management subsystem provide software RAID information associated with the operation of a software RAID provided by the software RAID subsystem, the software RAID subsystem then periodically accesses the storage device memory subsystem and, when the software RAID subsystem determines that the management subsystem has provided a software RAID information response in the storage device memory subsystem, the software RAID subsystem retrieves the software RAID information that was provided in the storage device memory subsystem by the management subsystem.

Abstract: A resilient software Redundant Array of Independent Disk (RAID)/management communication system includes a chassis housing a software RAID subsystem coupled to a plurality of storage devices that are also coupled to a management subsystem. The software RAID subsystem designates a first storage device in the plurality of storage devices as a primary storage device and a second storage device in the plurality of storage devices as a secondary storage device, and uses the respective storage device memory subsystem in the first storage device to transmit first management communications with the management subsystem. If the software RAID subsystem determines that the first storage device is unavailable, it uses the respective storage device memory subsystem in the second storage device to transmit second management communications with the management subsystem.

Abstract: A management-subsystem-based software RAID configuration system includes a chassis housing storage devices that each include a respective storage device memory subsystem and that are each coupled to a management subsystem and a software RAID subsystem. The software RAID subsystem uses the storage devices to create a RAID.

Abstract: A software Redundant Array of Independent Disk (RAID)/management trusted storage-device-based communication system includes a chassis housing a software Redundant Array of Independent Disk (RAID) subsystem, a storage device that is coupled to the software RAID subsystem and that includes a storage device memory subsystem, and a management subsystem that is coupled to the storage device. The management subsystem authenticates the storage device to establish management subsystem/storage device trust between the management subsystem and the storage device and, in response, uses the storage device to establish management subsystem/software RAID subsystem trust between the management subsystem and the software RAID subsystem. In response to establishing the management subsystem/storage device trust and the management subsystem/software RAID subsystem trust, the management subsystem transmits communications with the software RAID subsystem via the storage device memory subsystem in the storage device.

Abstract: A software RAID/management communication system includes a chassis housing a software RAID subsystem coupled to a shared memory subsystem and storage devices, and a management subsystem that is coupled to the storage devices, and that is coupled to the shared memory subsystem via an MMBI connection. The management subsystem determines that at least one of the storage devices does not include a storage device memory subsystem that is configured for software RAID/management communications and, in response, transmits MCTP communications via the MMBI connection to retrieve RAID configuration information from the storage device(s) via the software RAID subsystem and the shared memory subsystem. The management subsystem then uses the RAID configuration information to perform at least one RAID management operation on at least one RAID logical storage device provided by the storage device(s).

Abstract: A software Redundant Array of Independent Disk (RAID)/management trusted storage-device-based communication system includes a chassis housing a software Redundant Array of Independent Disk (RAID) subsystem, a storage device that is coupled to the software RAID subsystem and that includes a storage device memory subsystem, and a management subsystem that is coupled to the storage device. The management subsystem authenticates the storage device to establish management subsystem/storage device trust between the management subsystem and the storage device and, in response, uses the storage device to establish management subsystem/software RAID subsystem trust between the management subsystem and the software RAID subsystem. In response to establishing the management subsystem/storage device trust and the management subsystem/software RAID subsystem trust, the management subsystem transmits communications with the software RAID subsystem via the storage device memory subsystem in the storage device.

Abstract: A resilient software Redundant Array of Independent Disk (RAID)/management communication system includes a chassis housing a software RAID subsystem coupled to a plurality of storage devices that are also coupled to a management subsystem. The software RAID subsystem designates a first storage device in the plurality of storage devices as a primary storage device and a second storage device in the plurality of storage devices as a secondary storage device, and uses the respective storage device memory subsystem in the first storage device to transmit first management communications with the management subsystem. If the software RAID subsystem determines that the first storage device is unavailable, it uses the respective storage device memory subsystem in the second storage device to transmit second management communications with the management subsystem.

Abstract: Systems and methods provide thermal monitoring during updates to firmware used by managed hardware of an Information Handling System (IHS). A remote access controller of the IHS, that operates separate from CPUs of the IHS, initiates a firmware update for a hardware component via a bus mastered by the remote access controller. Except for transmissions in support of the firmware update, communications on the bus are blocked. While communications on the bus are blocked, a request is detected for transmission of a portion of the firmware update to the hardware component. A time is determined for responding to the request. Prior to the time for responding, a second of the hardware components of the IHS that shares the bus mastered by the remote access controller is polled for thermal data. During the firmware update of the hardware component, closed-loop cooling of the IHS is provided using the thermal data.

Abstract: According to embodiments of the present disclosure, an Information Handling System (IHS), systems and methods for identifying firmware versions of a firmware image using SPDM alias certificates are disclosed. In one embodiment, an IHS includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification, and computer-executable instructions to receive a request to attest a firmware image, generate an alias certificate using a hash of the firmware and version information associated with the firmware in response to the request, and using the alias certificate, attest the version of the firmware image using the version information.

Abstract: According to one embodiment, a path obfuscation system includes first and second hardware devices, and first and second interfaces configured to provide communication between the first and second hardware devices using a security protocol and data model (SPDM) protocol. The first hardware device comprises computer-executable instructions to receive a message to be transmitted to the second hardware device, segment the message into multiple groups of packets, and randomly select either the first or second interface to transmit each group of packet to the second hardware device.

Abstract: Systems and methods provide for SPDM-enabled devices that conform to an SPDM specification. An SPDM-enabled device receives a request to provision a certificate chain on the device and sends an event notification message to a baseboard management controller. The event notification message indicates receipt of a request to provision a certificate chain in a slot on the SPDM-enabled device. The baseboard management controller evaluates the certificate chain against the device manufacturer's certificate profile policy. If the certificate chain is valid, then a validation successful message is sent to the SPDM-enabled device, which in turn sends a certificate provision response to a requesting device. If the certificate chain is not valid, then a validation failure message is sent to the SPDM-enabled device, which causes the SPDM-enabled device to enter a quarantine state.

Abstract: According to embodiments of the present disclosure, systems and methods to advertise Security Protocol and Data Model (SPDM) command timing requirements are provided. According to one embodiment, an Information Handling System (IHS) includes a requester and a responder conforming to a SPDM specification in which the responder is configured with computer-executable logic to, in response to a request from a requester, generate an estimated amount of time to process a SPDM command, and send the estimated amount of time to the requester in response to the request. The requester may then wait the estimated amount of time between sending each of multiple ensuing commands to the responder.

Abstract: According to embodiments of the present disclosure, systems and methods to provide pre-deployment assessment for device integrity are disclosed. The pre-deployment assessment systems and methods include computer-executable instructions to identify a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification, obtain one or more identifying parameters and one or more critical parameters from the SPDM-enabled device, and communicate with a server to obtain information about the SPDM-enabled device without sending any critical information to the server. The instructions then determine whether the SPDM-enabled device is authorized for use in the IHS by comparing the identifying parameters with the information obtained from the server, and when the SPDM-enabled device is authorized for use with the IHS, send the critical parameters to the server.

Abstract: According to embodiments of the present disclosure, systems and methods for SPDM device and BMC pairing are provided. According to one embodiment, an Information Handling System (IHS) includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification, and a Baseboard Management Controller (BMC) configured with computer executable instructions to provision a SPDM identity certificate of the BMC in the SPDM-enabled device, verify that the BMC has been paired with the SPDM-enabled device using the SPDM identity certificate, and when the authentication of the SPDM-enabled device fails, inhibit operation of the SPDM-enabled device in the IHS.

Abstract: According to embodiments of the present disclosure, systems and methods to manage Security Protocol and Data Model (SPDM) secure communication sessions are provided. According to one embodiment, an Information Handling System (IHS) includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification in which the SPDM-enabled device has a specified quantity of supported private communication sessions. The IHS also includes computer-executable instructions to, when an application requests use of one of the private communication sessions, determine whether one of the private communication sessions is available, and enable the application to communicate with the SPDM-enabled device through the one private communication session based on the determination.

Abstract: According to embodiments of the present disclosure, a firmware cloning system and method provided using Security Protocol and Data Model (SPDM)-enabled devices. The firmware cloning system and method include program instructions that may be executed on a processing system to mutually authenticate with a source IHS to generate shared security keys, and end a request to the source IHS to generate a server profile comprising information associated with a configuration of the source HIS. A source HIS is configured to generate the server profile in response to the request, encrypt the server profile using one of the security keys, and send the encrypted server profile to the target HIS. The target HIS then is configured to receive the encrypted server profile, decrypt the encrypted server profile using a source of the shared security keys, and configure the target IHS according to the decrypted server profile.

Abstract: According to embodiments of the present disclosure, an Information Handling System (IHS), systems and methods for dynamic policy assignment of secure communication using Security Protocol and Data Model (SPDM) are disclosed. An Information Handling System (IHS) includes a first SPDM-enabled device conforming to a SPDM specification, receives a request to transmit data to a second SPDM-enabled device, obtain one or more policies associated with a corresponding one or more transmission criteria of the first SPDM-enabled device relative to the second SPDM-enabled device, and determine whether the data is to be encrypted based upon whether a transmission of the data meets the transmission criteria. Based upon the determination, encrypt the data prior to transmitting the data to the second SPDM-enabled device.

Abstract: According to embodiments of the present disclosure, a firmware cloning prevention system and method provided using Security Protocol and Data Model (SPDM)-enabled devices. The firmware cloning prevention system and method include program instructions that may be executed on a processing system to determine, by a first node configured in a certificate chain as specified by the SPDM specification, that a second node in the certificate chain possesses a private key stored on the ensuing node, perform a challenge-response verification to establish proof of possession of the private key, and inhibit operation of the ensuing node based upon the challenge-response verification. The second node is the next sequential node of the certificate chain.