Abstract: A method and information handling system (IHS) for identifying communication threats in an IHS. The method includes triggering a board management controller (BMC) to transmit a plurality of memory addresses identifying where a plurality of network packets received by the IHS are stored. A field programmable gate array (FPGA) within a processor receives the memory addresses of the network packets and retrieves the network packets. The network packets are analyzed by comparing at least one threat signature that is associated with undesired network behavior with the contents of the network packets. In response to the at least one threat signature matching the contents of at least one of the network packets, an intrusion alert is transmitted to the BMC.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, an information handling resource communicatively coupled to the processor, and a management controller communicatively coupled to the processor and the information handling resource and configured to provide out-of-band management of the information handling system. The management controller may further configured to receive a message indicating that an existing private key associated with the information handling resource is compromised, the message including a replacement public key for replacing an existing public key associated with the information handling resource and associated with the existing private key and responsive to the message, cause the existing public key associated with the information handling resource to be replaced with the replacement public key.

Abstract: Systems and methods for using Peripheral Component Interconnect Express Vendor-Defined Message (PCIe-VDM) and Inter-Integrated Circuit (I2C) transport for network communications are described. In some embodiments, an IHS may include: a host processor; a Basic Input/Output System (BIOS) coupled to the host processor; a Baseboard Management Controller (BMC) coupled to the host processor; and a memory coupled to the BMC, the memory having program instructions stored thereon that, upon execution, cause the BMC to: receive a message over a network while the host processor is powered off, wherein the message originates from a remote IHS and targets the BMC; and in response to a pass-through data transfer rate available to the BMC not meeting a threshold value: power on the host processor; request that the BIOS boot up; and perform a communication with the remote IHS via a PCIe bus using a PCIe-VDM supported by the host processor.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a network interface communicatively coupled to the processor, a management controller communicatively coupled to the processor and configured to provide management of the information handling system via a communications channel physically isolated from the network interface, and a controller. The controller may be configured to filter for a packet indicative of a request to remotely reset the management controller and, in response to receiving the packet indicative of the request to remotely reset the management controller, perform a reset of the management controller.

Abstract: In accordance with embodiments of the present disclosure, a method may include during boot of an information handling system, obtaining from a management controller integral to the information handling system information regarding resource requirements for one or more peripheral devices communicatively coupled to the one or more processor sockets integral to the information handling system and the management controller. The method may also include determining whether a default allocation of resources for the one or more peripheral devices among the one or more processor sockets by a basic input/output system integral to the information handling system satisfies the resource requirements. The method may further include, in response to determining the default allocation does not satisfy the resource requirements, rebalancing resources among the one or more processor sockets to satisfy the resource requirements prior to enumeration of the one or more peripheral devices.

Abstract: In accordance with embodiments of the present disclosure, a system may include a chassis comprising a plurality of slots, each of the plurality of slots configured to receive a respective modular information handling system, a shared infrastructure comprising a plurality of components which are shared by modular information handling systems received in the slots, and a controller communicatively coupled to the slots and configured to determine a shared infrastructure power consumption indicative of power consumed by the shared infrastructure, allocate the shared infrastructure power consumption among modular information handling systems received in the slots, and set a respective host-level power limit for each of the modular information handling systems received in the slots, such that each modular information handling system consumes power in accordance with its respective host-level power limit.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a power supply unit for supplying electrical energy to information handling resources of the information handling system, a battery backup unit for supplying electrical energy to the information handling resources responsive to a power event associated with the power supply unit, and a non-transitory computer-readable readable medium having embodied thereon a program of instructions configured to, when executed, in response to the power event, gracefully terminate one or more applications executing on the processor in accordance with a desired priority ranking.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, an input/output port communicatively coupled to the processor, and an access controller communicatively coupled to the processor. The an input/output port may be configured to receive an external input/output device and communicatively couple such input/output device to one or more information handling resources of the information handling system. The access controller may be configured to responsive to an attempted management operation at the information handling system, determine if an input/output device coupled to the input/output port is authenticated as a trusted input/output device. The access controller may also be configured to, responsive to determining that the input/output device is authenticated as a trusted input/output device, allow execution of the attempted management operation.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a peripheral device, and a service processor communicatively coupled to the processor and the peripheral device and configured to perform out-of-band management of the information handling system. The service processor may further configured to communicatively couple to a management controller having executing thereon a virtual service processor, receive a command associated with the peripheral device from the management controller, deliver the command to the peripheral device, receive data from the peripheral device, and communicate the data to the management controller.

Abstract: Systems and methods for using Peripheral Component Interconnect Express Vendor-Defined Message (PCIe-VDM) and Inter-Integrated Circuit (I2C) transport for network communications are described. In some embodiments, an IHS may include: a host processor; a Basic Input/Output System (BIOS) coupled to the host processor; a Baseboard Management Controller (BMC) coupled to the host processor; and a memory coupled to the BMC, the memory having program instructions stored thereon that, upon execution, cause the BMC to: receive a message over a network while the host processor is powered off, wherein the message originates from a remote IHS and targets the BMC; and in response to a pass-through data transfer rate available to the BMC not meeting a threshold value: power on the host processor; request that the BIOS boot up; and perform a communication with the remote IHS via a PCIe bus using a PCIe-VDM supported by the host processor.

Abstract: Baseboard management systems and methods with distributed intelligence for multi-node platforms. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a plurality of modules, each of the plurality of modules including a plurality of nodes, each of the plurality of nodes including a system-on-chip (SoC), each of the plurality of SoCs including an integrated management controller (iMC), each of the plurality of iMCs configured to implement a first intelligent platform management interface (IPMI) stack having a first architecture; and a plurality of baseboard management controllers (BMCs), each of the BMCs disposed on a corresponding one of the plurality of modules, each of the BMCs coupled to the plurality of iMCs on the corresponding one of the plurality of modules, each of the plurality of iMCs configured to implement a second IPMI stack having a second architecture different from the first architecture.

Abstract: An information handling system (IHS) prevents execution of corrupted bootup instructions in flash memory. A memory component contains basic input/output system (BIOS) instructions to execute during boot up of the IHS. A host processor is in communication with the memory component via the system interconnect to execute the BIOS instructions to configure the IHS. A support processor executes instructions to configure the IHS to: (a) calculate a current hash value for the BIOS instructions; (b) access a trusted encrypted hash value and the unique key from a secure storage; (c) decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value; (d) determine whether the current hash value is identical to the trusted hash value; and (e) allow execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value.

Abstract: In accordance with embodiments of the present disclosure, an information handling system comprising may include a host system processor and a management controller communicatively coupled to the host system processor and configured to provide management of the information handling system via management traffic communicated between the management controller and a network external to the information handling system. The management controller may be further configured to couple to the external network via a first network interface integral to the management controller, emulate a second network interface to an operating system executing on the host system processor, and bridge the first network interface and the second network interface such that host system traffic may be communicated between the host system processor and the external network via the management controller.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, an information handling resource communicatively coupled to the processor, and a management controller communicatively coupled to the processor and the information handling resource and configured to provide out-of-band management of the information handling system. The management controller may further configured to receive a message indicating that an existing private key associated with the information handling resource is compromised, the message including a replacement public key for replacing an existing public key associated with the information handling resource and associated with the existing private key and responsive to the message, cause the existing public key associated with the information handling resource to be replaced with the replacement public key.

Abstract: A method and information handling system (IHS) for identifying communication threats in an IHS. The method includes triggering a board management controller (BMC) to transmit a plurality of memory addresses identifying where a plurality of network packets received by the IHS are stored. A field programmable gate array (FPGA) within a processor receives the memory addresses of the network packets and retrieves the network packets. The network packets are analyzed by comparing at least one threat signature that is associated with undesired network behavior with the contents of the network packets. In response to the at least one threat signature matching the contents of at least one of the network packets, an intrusion alert is transmitted to the BMC.

Abstract: An information handling system (IHS) prevents execution of corrupted bootup instructions in flash memory. A memory component contains basic input/output system (BIOS) instructions to execute during boot up of the IHS. A host processor is in communication with the memory component via the system interconnect to execute the BIOS instructions to configure the IHS. A support processor executes instructions to configure the IHS to: (a) calculate a current hash value for the BIOS instructions; (b) access a trusted encrypted hash value and the unique key from a secure storage; (c) decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value; (d) determine whether the current hash value is identical to the trusted hash value; and (e) allow execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value.

Abstract: In accordance with embodiments of the present disclosure, a method may include during boot of the information handling system, in response to one of a system management request received by a management controller or user input indicative of a task received during boot, downloading, by a basic input/output system (BIOS), from a network database communicatively coupled to the network interface, one or more executable modules for completing a system management request or a task. The method may also include executing the one or more downloaded modules.

Abstract: In accordance with embodiments of the present disclosure, a method may include during boot of an information handling system, obtaining from a management controller integral to the information handling system information regarding resource requirements for one or more peripheral devices communicatively coupled to the one or more processor sockets integral to the information handling system and the management controller. The method may also include determining whether a default allocation of resources for the one or more peripheral devices among the one or more processor sockets by a basic input/output system integral to the information handling system satisfies the resource requirements. The method may further include, in response to determining the default allocation does not satisfy the resource requirements, rebalancing resources among the one or more processor sockets to satisfy the resource requirements prior to enumeration of the one or more peripheral devices.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a management controller communicatively coupled to the processor and configured to provide out-of-band management of the information handling system, and an interface for communicatively coupling the management controller to a second information handling system external to the information handling system for out-of-band management of the information handling system. The management controller may be further configured to serve as a proxy between one or more target management controllers of one or more other information handling systems and the second information handling system to facilitate out-of-band management of the one or more other information handling systems by the second information handling system while communicatively coupled to the interface.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a network interface communicatively coupled to the processor, a management controller communicatively coupled to the processor and configured to provide management of the information handling system via a communications channel physically isolated from the network interface, and a controller. The controller may be configured to filter for a packet indicative of a request to remotely reset the management controller and, in response to receiving the packet indicative of the request to remotely reset the management controller, perform a reset of the management controller.