Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: Examples described herein relate to a manageability controller for controlling a display of a screen video. The manageability controller may receive screen video data from a hypervisor running on a host operating system (OS) that is executable by a main processing resource separate from the manageability processing resource. The screen video data may include a host OS screen video data corresponding to the host OS, a virtual machine (VM) screen video data corresponding to a VM running on the hypervisor, or both. Further, the manageability controller may store the host OS screen video data or the VM screen video data in a physical video memory based on a screen selection input.

Abstract: Examples described herein relate to a system and method for providing a key store within Baseboard Management Controller (BMC) of a computing device. A secure storage key of the BMC may include a key store, storing cryptographic objects such as cryptographic keys and digital certificates used by entities for performing cryptographic operations. The BMC may receive a request from an entity for performing the cryptographic operation and may determine if the entity is authorized to request the cryptographic operation. If the entity is authorized, the BMC may identify a private key from the key store for performing the cryptographic operation. Once the key is identified, the BMC may determine if the entity is permitted access to the private key. When the entity is permitted to access the private key, the BMC may perform the cryptographic operation using the private key and returns the results to the entity.

Abstract: Examples described herein relate to signing of files based on file security credentials. A signing request for a file is received from a file author device. The signing request may include a file identifier associated with the file and a first key identifier associated with a first key stored in a hardware security module (HSM). File security credentials associated with the file may be obtained from one or more file security databases using the file identifier. A file security value for the file may be determined based on the file security credentials. On determining that the file security value satisfies a predetermined first key criteria, the file may be signed using the first key.

Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: In some examples, a device receives a plurality of encryption keys from a secure storage of a management controller, where a first encryption key of the plurality of encryption keys is for site-wide access of information on removable storage media plugged into respective computers of a site, and a second encryption key of the plurality of encryption keys is to restrict access of information on removable storage media plugged into a subset of the computers. The device uses a given encryption key of the plurality of encryption keys to encrypt information written to or decrypt information read from a first removable storage medium plugged into a first computer of the computers, wherein the management controller is associated with and is separate from a processor of the first computer.

Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: Examples described herein relate to a manageability controller for controlling a display of a screen video. The manageability controller may receive screen video data from a hypervisor running on a host operating system (OS) that is executable by a main processing resource separate from the manageability processing resource. The screen video data may include a host OS screen video data corresponding to the host OS, a virtual machine (VM) screen video data corresponding to a VM running on the hypervisor, or both. Further, the manageability controller may store the host OS screen video data or the VM screen video data in a physical video memory based on a screen selection input.

Abstract: In some examples, a device receives a plurality of encryption keys from a secure storage of a management controller, where a first encryption key of the plurality of encryption keys is for site-wide access of information on removable storage media plugged into respective computers of a site, and a second encryption key of the plurality of encryption keys is to restrict access of information on removable storage media plugged into a subset of the computers. The device uses a given encryption key of the plurality of encryption keys to encrypt information written to or decrypt information read from a first removable storage medium plugged into a first computer of the computers, wherein the management controller is associated with and is separate from a processor of the first computer.

Abstract: A method disclosed herein relates to a proxy application that connects to an input/output controller (IOCTL) interface driver. The IOCTL interface driver transfers IOCTL commands to a baseboard management controller (BMC). The proxy application receives, through the IOCTL interface driver, an application protocol request over an IOCTL command from the BMC. The application protocol request includes a computing devices configuration, a computing devices configuration option, and user interface data. The proxy application also receives an update to the computing devices current configuration based on the computing devices configuration option. The proxy application generates a new application protocol request over the IOCTL command based on the update to the computing devices current configuration. The proxy application transmits, through the IOCTL interface driver, the new application protocol request over the IOCTL command to the BMC.

Abstract: A system for storing a file system can include writing a file system to a memory device, the file system including a plurality of files, a subset engine to determine a subset of the plurality of files, a marking engine to mark each file of the plurality of files that is not included in the subset as a not-for-use sector, a crosslinking engine to crosslink duplicate files of the subset, a compression engine to compress a directory structure and a file allocation table (FAT) associated with the subset; and a storing engine to store the compressed directory structure and FAT in the file system.

Abstract: Examples provided relate to adding a network unit to a management group. An example method includes receiving a numeric code on a first network unit from a button on a front panel of the first network unit. The numeric code is received on a second network unit using a button on a front panel of the second network unit. The first network unit is added to the management group of the second network unit.

Abstract: In an example, a device comprises a baseboard management controller (BMC). The BMC comprises non-volatile storage storing a service operating system (OS). The BMC also comprises a processor. The processor may: receive, by a baseboard management controller (BMC), a request to modify the non-volatile storage, wherein the request comprises a signature, determine, by the BMC, based on a received signature, and a key for modifying the non-volatile storage, whether the request to modify the non-volatile storage is properly signed, and responsive to determining the request to modify the non-volatile storage is properly signed: allow modification of the non-volatile storage.

Abstract: Examples disclosed herein relate to using a baseboard management controller (BMC) of a computing device with a private and public key that is used for license provisioning. A public key is obtained from the BMC. The public key is sent to a license device external to the computing device. Encrypted license information is received from the license device. Decrypted license information is obtained from the BMC based on the encrypted license information.

Abstract: A method disclosed herein relates to a proxy application that connects to an input/output controller (IOCTL) interface driver. The IOCTL interface driver transfers IOCTL commands to a baseboard management controller (BMC). The proxy application receives, through the IOCTL interface driver, an application protocol request over an IOCTL command from the BMC. The application protocol request includes a computing devices configuration, a computing devices configuration option, and user interface data. The proxy application also receives an update to the computing devices current configuration based on the computing devices configuration option. The proxy application generates a new application protocol request over the IOCTL command based on the update to the computing devices current configuration. The proxy application transmits, through the IOCTL interface driver, the new application protocol request over the IOCTL command to the BMC.

Abstract: An example managed server system (102) includes a managed server (104), a baseboard management controller (BMC) (108), and a shared memory (106). An example configuration process (200) includes transmitting (201), by the BMC, a network-address request over an out-of-band network; receiving (202) received configuration information; writing (203), by the BMC, stored configuration information to the shared memory; accessing (204), by the managed server, the shared memory to read the stored configuration information; and configuring (205) the managed server using the stored configuration information.

Abstract: In an example, a device comprises a baseboard management controller (BMC). The BMC comprises non-volatile storage storing a service operating system (OS). The BMC also comprises a processor. The processor may: receive, by a baseboard management controller (BMC), a request to modify the non-volatile storage, wherein the request comprises a signature, determine, by the BMC, based on a received signature, and a key for modifying the non-volatile storage, whether the request to modify the non-volatile storage is properly signed, and responsive to determining the request to modify the non-volatile storage is properly signed: allow modification of the non-volatile storage.

Abstract: An example device includes processor and a secure storage area having accessibility limited to a secure communication. The secure storage area stores a job pool with at least one job to be processed. The processor is to process the at least one job from the job pool when the processor is running. The secure storage area is a private storage of a management controller of the device.

Abstract: Examples provided relate to adding a network unit to a management group. An example method includes receiving a numeric code on a first network unit from a button on a front panel of the first network unit. The numeric code is received on a second network unit using a button on a front panel of the second network unit. The first network unit is added to the management group of the second network unit.