Abstract: A system, method, and computer-readable medium are disclosed for performing a platform security operation, comprising: presenting a platform security user interface, the platform security user interface including a plurality of security blocks, each of the plurality of security blocks corresponding to a particular security policy function configuring a security policy via the platform security user interface, the configuring comprising combining a set of the security blocks according to a desired security function; converting the set of security blocks to information representing the security policy; and, deploying the security policy to an information handling system.

Abstract: Embodiments of systems and methods are provided herein to establish a secure communication channel for communicating dock configuration actions from an administrator information handling system (IHS) to a docking station. One embodiment of such a system includes an administrator IHS configured to communicate dock configuration actions to a docking station, a host IHS configured to verify the validity of a dock certificate received from the docking station against a dock certificate authority server, and a docking station configured to verify the validity of an administrator certificate received from the admin IHS against a preconfigured list of valid administrator certificates stored within the docking station. If the validity of the dock certificate and the administrator certificate are respectively verified by the host IHS and the docking station, the host IHS and the docking station are further configured to establish the secure communication channel between the administrator IHS and the docking station.

Abstract: In some examples, a software agent may request a token from a server. The request may include dock identifiers associated with one or more docks, credentials, and actions to be performed by the one or more docks. The server may determine, using an access control list, whether the credentials authorize the software agent to instruct the one or more docks to perform the actions. If the server determines that the software agent is authorized, then the server may send a token to the software agent. The software agent may send an action request to the one or more docks. The action request may include the token and the actions. Each dock that receives the request may attempt to validate the token. If the dock successfully validates the token, the dock may perform the actions and send a message to the software agent indicating a result of performing the actions.

Abstract: A method may include determining a configuration of one or more basic input/output system (BIOS) settings identified as influencing security at an information handling system. The method may further include determining a security risk score based on the configuration, and generating a security gauge image that provides a visual indication of the security risk score. The security gauge image may be displayed during BIOS initialization at the information handling system.

Abstract: Embodiments of systems and methods are provided herein to establish a secure communication channel for communicating dock configuration actions from an administrator information handling system (IHS) to a docking station. One embodiment of such a system includes an administrator IHS configured to communicate dock configuration actions to a docking station, a host IHS configured to verify the validity of a dock certificate received from the docking station against a dock certificate authority server, and a docking station configured to verify the validity of an administrator certificate received from the admin IHS against a preconfigured list of valid administrator certificates stored within the docking station. If the validity of the dock certificate and the administrator certificate are respectively verified by the host IHS and the docking station, the host IHS and the docking station are further configured to establish the secure communication channel between the administrator IHS and the docking station.

Abstract: In some examples, a software agent may request a token from a server. The request may include dock identifiers associated with one or more docks, credentials, and actions to be performed by the one or more docks. The server may determine, using an access control list, whether the credentials authorize the software agent to instruct the one or more docks to perform the actions. If the server determines that the software agent is authorized, then the server may send a token to the software agent. The software agent may send an action request to the one or more docks. The action request may include the token and the actions. Each dock that receives the request may attempt to validate the token. If the dock successfully validates the token, the dock may perform the actions and send a message to the software agent indicating a result of performing the actions.

Abstract: A method and information handling system including a first universal serial bus (USB) type C port for transceiving SMBus data multiplexed over unused USB-2 pins from a host information handling system, a first multiplexer for demultiplexing the SMBus as a designated data bus to a second multiplexer to create a designated bus for management controller transport protocol data, the second multiplexer re-multiplexing the SMBus designated bus to a second USB type C port for connection with an out-of-band management hardware system network interface card of a device connected to the second USB type C port for communication of management controller transport protocol data with the information handling system host and bypassing a docking station high capacity connector multiplex controller, and an embedded controller for activating the first multiplexer and the second multiplexer upon detecting the connection with the out-of-band management hardware system network interface card via the second USB type C port and est

Abstract: A system, method, and computer-readable medium are disclosed for performing a platform security operation, comprising: presenting a platform security user interface, the platform security user interface including a plurality of security blocks, each of the plurality of security blocks corresponding to a particular security policy function configuring a security policy via the platform security user interface, the configuring comprising combining a set of the security blocks according to a desired security function; converting the set of security blocks to information representing the security policy; and, deploying the security policy to an information handling system.

Abstract: A method and information handling system including a first universal serial bus (USB) type C port for transceiving SMBus data multiplexed over unused USB-2 pins from a host information handling system, a first multiplexer for demultiplexing the SMBus as a designated data bus to a second multiplexer to create a designated bus for management controller transport protocol data, the second multiplexer re-multiplexing the SMBus designated bus to a second USB type C port for connection with an out-of-band management hardware system network interface card of a device connected to the second USB type C port for communication of management controller transport protocol data with the information handling system host and bypassing a docking station high capacity connector multiplex controller, and an embedded controller for activating the first multiplexer and the second multiplexer upon detecting the connection with the out-of-band management hardware system network interface card via the second USB type C port and est

Abstract: Disclosed are techniques for recovering system configuration settings, such as remote management, of an information handling system following a disorderly shutdown. A restart controller detects a disorderly shutdown of an information handling system and, in response, sets a disorderly shutdown flag and restarts the information handling system. During the restart, the basic input/output system (BIOS) checks the disorderly shutdown flag as part of its power-on housekeeping. In response to determining the disorderly shutdown flag has been set, the BIOS reconfigures the system configuration settings, such as the power management scheme, of the information handling system so as to enable one or more remote wake mechanisms, such as wake-on-LAN or wake-on-ring. The BIOS then performs an orderly shutdown of the information handling system to place the information handling system in a low-power state, from which the information handling system can be awoken via the remote wake mechanism.

Abstract: In a system to configure a replacement motherboard, one or more subsystems are provided to determine whether the replacement motherboard is in a manufacturing mode, determine whether firmware for the replacement motherboard is unlocked, and receive an input from a user to configure the replacement motherboard when the replacement motherboard is determined to be in the manufacturing mode and the firmware is unlocked.

Abstract: Systems and methods are disclosed for providing memory security override protection for improved manufacturability of information handling systems. A security authentication system is added to a software driven security override signal for unlocking programmable memory circuitry, such as flash memory, according to security protection techniques associated with the Intel AMT (Active Management Technology) architecture. This security authentication system disclosed requires authentication of software security override requests before they are allowed. More particularly, the systems and methods disclosed add specific BIOS (Basic Input Output System) code to check the security override status and the software security override request signals on boots of the computer system to make sure these requests are not coming from rogue elements within the computer system. If the authentication is validated, then the programmable memory circuitry is unlocked on the next boot of the system to allow for reprogramming.

Abstract: Disclosed are techniques for recovering system configuration settings, such as remote management, of an information handling system following a disorderly shutdown. A restart controller detects a disorderly shutdown of an information handling system and, in response, sets a disorderly shutdown flag and restarts the information handling system. During the restart, the basic input/output system (BIOS) checks the disorderly shutdown flag as part of its power-on housekeeping. In response to determining the disorderly shutdown flag has been set, the BIOS reconfigures the system configuration settings, such as the power management scheme, of the information handling system so as to enable one or more remote wake mechanisms, such as wake-on-LAN or wake-on-ring. The BIOS then performs an orderly shutdown of the information handling system to place the information handling system in a low-power state, from which the information handling system can be awoken via the remote wake mechanism.

Abstract: Systems and methods are disclosed for providing memory security override protection for improved manufacturability of information handling systems. A security authentication system is added to a software driven security override signal for unlocking programmable memory circuitry, such as flash memory, according to security protection techniques associated with the Intel AMT (Active Management Technology) architecture. This security authentication system disclosed requires authentication of software security override requests before they are allowed. More particularly, the systems and methods disclosed add specific BIOS (Basic Input Output System) code to check the security override status and the software security override request signals on boots of the computer system to make sure these requests are not coming from rogue elements within the computer system. If the authentication is validated, then the programmable memory circuitry is unlocked on the next boot of the system to allow for reprogramming.

Abstract: In a system to configure a replacement motherboard, one or more subsystems are provided to determine whether the replacement motherboard is in a manufacturing mode, determine whether firmware for the replacement motherboard is unlocked, and receive an input from a user to configure the replacement motherboard when the replacement motherboard is determined to be in the manufacturing mode and the firmware is unlocked.

Abstract: A printer which includes both high volume printing capabilities such as laser jet printing with photographic quality printing capabilities such as ink jet or dye-sublimation printing within the same printer housing.

Abstract: An apparatus and associated method are disclosed for facilitating the testing of device connections, including functional shock and vibration testing of peripheral card slots or any other desired connector interface. In part, a power supply located on the peripheral device, or some other external power source, is used to power fault detection circuitry. In this way, faults can be identified, such as through visual fault indicators, without the necessity of powering the system. In addition, simulated peripheral cards are provided that include adjustable weights so that the weight distribution of an actual card can be simulated without the necessity of having a functional peripheral in hand.

Abstract: An information handling system security system validates authorization to selected information by establishing physical access of a user to the information handling system through activation by the user of a power switch of the information handling system. Upon detection of an attempt to access the limited access information, a trusted platform module disables power functionality of the power switch and enables a physical access validation mode that validates physical access of a user to the information handling system before allowing access to the limited access information. Failure to confirm physical access by activation of the power switch precludes access to the information. Validation of physical access by activation of the power switch allows access to the information and returns normal power functionality to the power switch.

Abstract: An information handling system cooling fan operating curve is automatically selected for use by a cooling fan controller by detecting the configuration of the information handling system and looking up cooling fan operating parameters from a table associated with the information handling system. For instance, central processing unit identification information is used to select associated cooling fan operating parameters so that adequate cooling is available to meet system cooling constraints for the heat characteristics of the central processing unit with reduced acoustic impact associated with operation of the information handling system.

Abstract: An energy discharge resistance is isolated from storage capacitance containing a voltage charge until power is removed from the storage capacitance. Then the discharge resistance may be coupled to the storage capacitance to drain residual charge therefrom. The discharge resistance is coupled to the storage capacitance when external power is removed and is un-coupled from the storage capacitance when external power is applied to the storage capacitance. In this way, unnecessary power draw during operation or standby of an electronic system is substantially eliminated.