Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a request for a secret known by the IHS, and attest the RAC by verifying that the public key exists in a manifest that is configured to store identifying information about a plurality of devices configured in the IHS. The request is signed using a private key of a first asymmetric key pair generated by a Remote Access Controller (RAC). Using a second public key of a second asymmetric key pair, the instructions encrypt the requested secret; and send the encrypted secret to the RAC, wherein the RAC is configured to use the second private key of the second asymmetric key pair to decrypt the encrypted secret.

Abstract: A computer-implemented method for automating a content release comprising the steps of: determining a content release plan associated with a content release, wherein the content release plan includes a plurality of line items, wherein each line item identifies a content item to be released; parsing the plurality of line items included in the content release plan to build a deployment graph, wherein the deployment graph identifies a plurality of deployment tasks to be executed to complete the content release; executing the content release plan by performing the plurality of deployment tasks according to a schedule identified in the content release plan; and updating the content release plan based on one or more real-time statuses of the plurality of deployment tasks.

Abstract: Embodiments provide methods for validating secure delivery of an IHS (Information Handling System) by confirming that the packages by which the IHS was delivered include only the packages used to ship the IHS from a factory or other trusted entity. During factory provisioning of the IHS, a shipping certificate is uploaded to the IHS, where the certificate includes shipping identifiers that are each associated with a package used to ship the IHS. Upon receiving packages by which the IHS has been shipped, shipping identifiers, such as bar codes and RFID codes, are collected from the received packages. The shipping identifiers collected from the received packages are compared against the shipping identifiers from the shipping certificate in order to validate the plurality of received packages as the same packages that were used to ship the IHS.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned firmware. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying firmware for use in the operation of the IHS. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of firmware used by hardware components of the IHS is then collected. The validation process compares the collected inventory of firmware against the inventory of factory-provisioned firmware from the inventory certificate in order to validate the IHS is operating using only factory-provisioned firmware. A validation failure is signaled when the comparison indicates that a hardware component is not operating using the factory-provisioned firmware specified in the inventory certificate.

Abstract: Various embodiments provide methods for validating hardware modifications of an IHS (Information Handling System) by confirming that a hardware modification corresponds to a hardware component supplied for installation in the IHS by a trusted entity. During factory provisioning of an IHS, an inventory certificate that specifies the factory installed IHS hardware is uploaded to the IHS and is also stored for ongoing support of the IHS. Upon a hardware component being supplied for installation in the IHS by a trusted entity, the inventory of the stored inventory certificate is updated to identify the supplied component and the updated certificate is transmitted to the IHS. An inventory of detected hardware components of the IHS is compared against the inventory from the updated inventory certificate in order to validate the detected hardware of the IHS includes the component, supplied by the trusted entity, that is identified in the updated inventory certificate.

Abstract: Systems and methods for factory management of secured component verification in an Information Handling System (IHS) are described. In an embodiment, an IHS may include: a host processor; a security processor coupled to the host processor; and a memory coupled to the security processor, the memory having program instructions stored thereon that, upon execution by the host processor, cause the security processor to: obtain system information associated with the IHS from the security processor, sign the system information into a Secured Component Verification (SCV) certificate, issue the SCV to a cloud-based verification server. The verification server compares the system information with a stored golden copy of the system information, determines whether the comparison matches, and generates control information based upon the comparison. The host processor receives the control information from the cloud-based verification server, and controls the operation of the IHS based on the control information.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.

Abstract: Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.

Abstract: Various embodiments provide methods for validating hardware modifications of an IHS (Information Handling System) by confirming that a hardware modification corresponds to a hardware component supplied for installation in the IHS by a trusted entity. During factory provisioning of an IHS, an inventory certificate that specifies the factory installed IHS hardware is uploaded to the IHS and is also stored for ongoing support of the IHS. Upon a hardware component being supplied for installation in the IHS by a trusted entity, the inventory of the stored inventory certificate is updated to identify the supplied component and the updated certificate is transmitted to the IHS. An inventory of detected hardware components of the IHS is compared against the inventory from the updated inventory certificate in order to validate the detected hardware of the IHS includes the component, supplied by the trusted entity, that is identified in the updated inventory certificate.

Abstract: A voucher management system receives, from a computing device manufacturer system, an ownership voucher that transfers ownership of a computing device from the computing device manufacturer system to the voucher management system, and a hardware attestation certificate for the computing device, and associates them with the computing device in a voucher management database. When the voucher management system determines that the ownership of the computing device should be transferred to an end user system, it automatically generates second ownership transfer data by signing an end user system public key with a voucher management system private key, provides the second ownership transfer data in the ownership voucher in order to transfer ownership of the computing device from the voucher management system to the end user system, and provides the ownership voucher and the hardware attestation certificate to the end user system.

Abstract: Systems and methods provide validation of hardware components of an IHS (Information Handling System). An attestation certificate stored to the IHS specifies authenticated instructions for operation of a hardware component of the IHS. This attestation certificate is endorsed by a self-signed root attestation certificate. An identity certificate, also stored to the IHS, specifies an identity of the hardware component and is endorsed using an embedded keypair of the hardware component. The root attestation certificate is validated to ensure it corresponds to the hardware component specified in the identity certificate, where this validation confirms that a public key included in the identity certificate is identical to a public key included in the attestation certificate.

Abstract: System and method are provided for assigning a service identifier for use by an IHS (Information Handling System), where a new service identifier may be assigned to the IHS due to replacement of hardware of the IHS. The IHS is provisioned with an inventory certificate that identifies hardware components of the IHS, including a service identifier for the IHS. Support provided for the IHS is tracked based on this service identifier. A hardware component of the IHS is removed, where the service identifier is assigned to this removed hardware component. A replacement hardware component is installed in the IHS. An updated inventory certificate is generated that assigns a new service identifier to the replacement hardware component installed in the IHS. The IHS is provisioned with the updated inventory certificate that specifies the new service identifier. Support provided for the IHS is now tracked based on the new service identifier.

Abstract: A system for verifying unique components are installed in an end user information handling system comprises a manufacturing facility collecting component information into a data structure, encrypting the data structure, creating a secured component verification (SCV) certificate, signing the SCV certificate and communicating the SCV certificate to a repository, the repository storing the signed SCV certificate. A copy of the signed SCV certificate is saved onto the information handling system. When the information handling system is delivered, the copy of the SCV certificate is compared with the SCV certificate stored in the repository. If they match, the information handling system is verified. If a unique component is replaced, a delta certificate is created and stored with the original SCV certificate in the repository such that all changes to unique components in the information handling system are tracked.

Abstract: Methods and systems are provided for validating and registering an IHS (Information Handling System) and components of the IHS for technical support. Upon delivery and initialization of an IHS, an inventory certificate that was uploaded to the IHS during factory provisioning of the IHS is retrieved. The inventory certificate includes an inventory that identifies factory-installed hardware components in the IHS. The inventory also specifies whether a registration requirement has been specified for the IHS, such as to initiate technical support. While still operating a pre-boot validation process, an inventory is collected of the detected hardware components of the IHS. Based on the inventory certificate, the validation process confirms whether a detected hardware component is a factory-installed hardware component and determines whether registration is required. If required, registration of the IHS is initiated by the validation process and initialization of the IHS continues.

Abstract: Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned firmware. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying firmware for use in the operation of the IHS. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of firmware used by hardware components of the IHS is then collected. The validation process compares the collected inventory of firmware against the inventory of factory-provisioned firmware from the inventory certificate in order to validate the IHS is operating using only factory-provisioned firmware. A validation failure is signaled when the comparison indicates that a hardware component is not operating using the factory-provisioned firmware specified in the inventory certificate.

Abstract: Systems and methods are provided for customer validation of hardware of an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that identifies factory installed components of the IHS. Upon deployment of the IHS, a customer issues a request for hardware validation, such as via an API exposed by a trusted component of the IHS. The IHS generates a certificate signing request (CSR) that specifies factory-installed hardware components of the IHS. The CSR is transmitted to the customer for use in generating an inventory certificate signed by a certificate authority that is selected by the customer. The customer's signed inventory certificate is stored to the IHS and used in validating some or all of the hardware of the IHS by comparing detected hardware components of the IHS against the inventory specified in the inventory certificate received from the customer.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.

Abstract: Systems and procedures are provided for provisioning an IHS (Information Handling System) to support validation of hardware components of the IHS. As part of manufacture of the IHS, an inventory of factory-installed hardware components of the IHS is generated. During factory provisioning, cryptographic capabilities of the IHS are used to generate a keypair, with the generated private key stored to a protected memory of the IHS. The inventory of factory-installed hardware components is signed using the private key. A trusted component of the IHS generates a certificate signing request (CSR) including the public key of the generated keypair, the digitally signed inventory and extensions identifying the factory-installed hardware components. A signed identity certificate is generated that attests to the digitally signed inventory, ownership of the private key corresponding to the public key from the CSR, and the extensions identifying the factory-installed hardware components of the IHS.

Abstract: Systems and procedures are provided for tracking hardware components of an IHS (Information Handling System). During factory provisioning of an IHS, an inventory certificate to the IHS is stored to the IHS that includes an inventory identifying factory-installed hardware components of the IHS. Also during the factory provisioning, a record is stored in a component datastore of the factory-installed hardware specified in the inventory certificate. Upon initialization of the delivered IHS, a pre-boot validation environment is initialized on the IHS and the stored inventory certificate is retrieved and used to validate the detected hardware components of the IHS. The results of the validation are then reported to a component datastore, where they are used to identify any transfer of a factory-installed hardware component. The factory datastore is updated in subsequent validations to reflect any detected modifications to the IHS in tracking genuine components.