Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A method, system and apparatus for provisioning a computation into a trusted execution environment, including verifying the trusted execution environment, generating integrity information of the computation, generating sealed data, sending information of the computation, the sealed data, and integrity information to the trusted execution environment, confirming the sealed data, and verifying integrity of the computation information from the integrity information and the computation information.

Abstract: A method, system and apparatus for generating a computation such that it will execute in a target trusted execution environment (TEE), including selecting the target TEE, generating an authorization that is satisfied by a TEE, associating the authorization with the computation that executes in the TEE that is authorized, and generating the computation with the associated authorization.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.

Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: An embodiment of the invention may include a method, computer program product, and computer system for monitoring a computing device. The embodiment includes retrieving data from physical components of the method. The embodiment includes converting the data to at least one spectral format. The embodiment includes analyzing the converted data with a spectral detector. The embodiment includes performing a remediation action of the code anomaly based on detecting a code anomaly by the spectral detector.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.