Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: In some examples, a controller includes a secure memory to store a key, and a processor to access a system memory that is external of the controller and that is accessible by a main processor separate from the controller, protect information retrieved from the system memory using the key to produce protected information, and store the protected information in the system memory.

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

Abstract: In some examples, a controller includes a secure memory to store a key, and a processor to access a system memory that is external of the controller and that is accessible by a main processor separate from the controller, protect information retrieved from the system memory using the key to produce protected information, and store the protected information in the system memory.

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: Examples disclosed herein relate to a computing device that includes a central processing unit, a management controller separate from the central processing unit, and a security co-processor. The management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state. The security co-processor includes device unique data. The management controller receives the device unique data and stores a representation at a secure location. At a later time, the management controller receives endorsement information from an expected location of the security co-processor. The management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information and the stored representation of the device unique data.

Abstract: A method for assembling a computing device including initiating a board management controller of the computing device, the board management controller having at least one fuse, forming data to control a video display operatively connected to the computing device to show an image of a watermark, and modifying the computing device. The method also includes blowing the at least one fuse in response to modifying the computing device and adjusting the watermark in response to blowing the at least one fuse.

Abstract: In some examples, a scanner that is to verify a device includes a scanner input/output (I/O) interface to physically and communicatively connect to a device I/O interface of the device. The scanner includes a processor to send an input through the scanner I/O interface to the device, receive, at the scanner I/O interface, an output responsive to the input from the device, the output comprising a cryptographic value based on a cryptographic operation applied on data of the input, and determine whether the device is an authorized device based on the received output.

Abstract: Examples disclosed herein relate to a device that has a chassis that can transition from a factory security state to a production security state. A visible object can be removed from the outside of the chassis to trigger the change in state. A BMC can change the state from the factory security state to the production security state based on detection of a physical trigger. The factory security state includes an application programming interface (API) that is enabled and the production security state has the API disabled.

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

Abstract: In at least some embodiments, a method comprises emulating a Universal Serial Bus (USB) host controller at a computer system. The method further comprises using the emulated USB host controller to interface a remote management console with the computer system.

Abstract: In at least some embodiments, a method comprises emulating a Universal Serial Bus (USB) host controller at a computer system. The method further comprises using the emulated USB host controller to interface a remote management console with the computer system.

Abstract: There is provided a system and a method for interacting with a remote computer. More specifically, there is provided a method comprising transmitting a command to a first computer, wherein the command is associated with a virtualized control displayed on a second computer, and displaying a hardware status indicator on a display of the second computer after the first computer executes the transmitted command, wherein the hardware status indicator is a graphical representation of an external visual indicator of the first computer.

Abstract: Systems, methodologies, and media associated with acquiring a graphics mode post-failure screen provided by a graphical operating system running on a self-reset capable computer are described. One exemplary method embodiment may be performable in a management processor (e.g., ASIC, FPGA) that is configured to be operably connected to a computer (e.g., server) that is configured to provide a graphical post-failure screen and to self-reset upon entering a failure state. The exemplary method embodiment may include receiving a stream of video data from the computer and making it available to a downstream component like a remote console application. The exemplary method may also include performing a screen refresh after detecting the failure state in the computer. The exemplary method may also include selectively storing the graphical post-failure screen in a memory associated with the management processor.

Abstract: A system comprising a CPU, a memory coupled to the CPU and used as storage for programs executable by the CPU, and a system management processor coupled to the CPU that selectively establishes hardware-based remote console sessions and software-based remote console sessions.

Abstract: Logging into a remote computer by way of a management processor to initiate a remote console session and switching between a default remote console session and a non-default remote console session.