Abstract: A system and method are disclosed for delegating, by a resource-constrained device, a privilege to a basic input/output system, wherein the privilege allows the basic input/output system to authenticate an endpoint device on behalf of the resource-constrained device. The system and method also includes generating an asymmetric security key that includes a private key and a public key and transmitting the public key to the basic input/output system, wherein the public key is included in a proxy certificate generated by the basic input/output system. In addition, the system and method includes establishing a secure session between the basic input/output system and the endpoint device using the private key and the proxy certificate, wherein the secure session is used by the basic input/output system to authenticate and verify that the endpoint device is authorized to perform an operation.

Abstract: Systems and methods provide thermal monitoring during updates to firmware used by managed hardware of an Information Handling System (IHS). A remote access controller of the IHS, that operates separate from CPUs of the IHS, initiates a firmware update for a hardware component via a bus mastered by the remote access controller. Except for transmissions in support of the firmware update, communications on the bus are blocked. While communications on the bus are blocked, a request is detected for transmission of a portion of the firmware update to the hardware component. A time is determined for responding to the request. Prior to the time for responding, a second of the hardware components of the IHS that shares the bus mastered by the remote access controller is polled for thermal data. During the firmware update of the hardware component, closed-loop cooling of the IHS is provided using the thermal data.

Abstract: System and methods are provided for updating firmware used by a managed hardware component of an Information Handling System (IHS). A remote access controller of the IHS, that operates separate from CPUs of the IHS and that provides remote management of the IHS, initiates an update of firmware used to operate the hardware component. A programmable hardware accelerator is detected within an inventory of managed hardware components of the IHS. Availability of the hardware accelerator is determined for transmission of data to the hardware component. Transmission of a firmware image to the hardware component is delegated to the hardware accelerator, providing faster transmission of the firmware image than would be possible by the remote access controller. Upon transmission of the firmware image by the hardware accelerator, the firmware of the hardware component is updated using the firmware image transmitted by the hardware accelerator.

Abstract: Embodiments of the present disclosure provide a firmware update to multiple, similar hardware devices in an Information Handling System (IHS). In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a request to perform a firmware update to a plurality of devices, update a first of the plurality of devices with the requested firmware update, and calculate a health score for the first device as a result of the first device being updated. Based upon the health score, the system and method may determine whether to update the other devices based at least in part, on the determined health score, and update the other devices based on the determination.

Abstract: Embodiments of systems and methods to provide firmware updates to multiple similar hardware devices in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a request to perform a firmware update on a specific type of the hardware device, determine a subset of the hardware devices that are to receive the firmware update according to the type of each of the hardware devices, and download the firmware update to each of the subset of hardware devices.

Abstract: An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC, and subsequently receiving a list of allowed commands from the BMC. When a command is received by the hardware device, it determines whether the command is included in the list such that when the command is in the list and the command is received within the secure communication channel, the hardware device performs the command. However, when the command is in the list and the command is received outside of the secure communication channel, the hardware device ignores the command.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with multiple hardware devices of the IHS. The BMC includes executable instructions for transmitting a broadcast message to the hardware devices in which the broadcast message has a block of data including a digital signature of the BMC. Each of the hardware devices that receive the broadcast message are configured to transmit a broadcast acknowledgment message to the BMC. Using the block of data, the BMC and hardware devices may perform a mutual consensus procedure with other using a cryptographic hash function of the block of data.

Abstract: A system and method are disclosed for delegating, by a resource-constrained device, a privilege to a basic input/output system, wherein the privilege allows the basic input/output system to authenticate an endpoint device on behalf of the resource-constrained device. The system and method also includes generating an asymmetric security key that includes a private key and a public key and transmitting the public key to the basic input/output system, wherein the public key is included in a proxy certificate generated by the basic input/output system. In addition, the system and method includes establishing a secure session between the basic input/output system and the endpoint device using the private key and the proxy certificate, wherein the secure session is used by the basic input/output system to authenticate and verify that the endpoint device is authorized to perform an operation.

Abstract: An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC, and subsequently receiving a list of allowed commands from the BMC. When a command is received by the hardware device, it determines whether the command is included in the list such that when the command is in the list and the command is received within the secure communication channel, the hardware device performs the command. However, when the command is in the list and the command is received outside of the secure communication channel, the hardware device ignores the command.

Abstract: According to one embodiment, a path obfuscation system includes first and second hardware devices, and first and second interfaces configured to provide communication between the first and second hardware devices using a security protocol and data model (SPDM) protocol. The first hardware device comprises computer-executable instructions to receive a message to be transmitted to the second hardware device, segment the message into multiple groups of packets, and randomly select either the first or second interface to transmit each group of packet to the second hardware device.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for monitoring the operating characteristics a hardware device that is operating in a fixed pass-through configuration with a workspace in which the workspace has been instantiated by a workspace orchestration service executed on the IHS. The executable instructions may determine that the operating characteristics are indicative of a security breach of the fixed pass-through configuration, and as such, may perform an operation to quarantine the one hardware device when the fixed pass-through configuration is determined to possess the security breach.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for causing the one hardware device to be inhibited from functioning with the IHS when at least one of the hardware devices is powered on, and performing an authentication procedure with that hardware device. After that hardware device has been successfully authenticated, the instructions then enable the one hardware device to function with the IHS.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with multiple hardware devices of the IHS. The BMC includes executable instructions for transmitting a broadcast message to the hardware devices in which the broadcast message has a block of data including a digital signature of the BMC. Each of the hardware devices that receive the broadcast message are configured to transmit a broadcast acknowledgment message to the BMC. Using the block of data, the BMC and hardware devices may perform a mutual consensus procedure with other using a cryptographic hash function of the block of data.