Abstract: Techniques are provided for security key integrity verification using inventory certificates. One method comprises receiving a user request to perform an action: obtaining an inventory certificate associated with a device; extracting a security key identifier from a security key corresponding to the device; validating the security key by comparing the extracted security key identifier to a security key identifier in the inventory certificate; and authorizing a performance of the action based on a result of the comparison. A validity of the inventory certificate may be evaluated (e.g., by evaluating a signature associated with the inventory certificate). The inventory certificate may be stored in a secure memory of the device prior to a delivery of the device to a purchaser of the device.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include a Baseboard Management Controller (BMC) having computer-executable instructions to receive a request to boot a factory firmware on the BMC in which the factory firmware is signed by a first private key of a first asymmetric private/public key pair. Using the first private key, the instructions verify an authenticity of the factory firmware using a public key associated with the first private/public key pair, and allow booting of the factory firmware only when it is authenticated by the first public key.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a request for a secret known by the IHS, and attest the RAC by verifying that the public key exists in a manifest that is configured to store identifying information about a plurality of devices configured in the IHS. The request is signed using a private key of a first asymmetric key pair generated by a Remote Access Controller (RAC). Using a second public key of a second asymmetric key pair, the instructions encrypt the requested secret; and send the encrypted secret to the RAC, wherein the RAC is configured to use the second private key of the second asymmetric key pair to decrypt the encrypted secret.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include a Baseboard Management Controller (BMC) having computer-executable instructions to, during a boot sequence of the BMC, determine a type of a firmware that is to be booted on the BMC, and selectively restrict access to the resources based upon the determined type of firmware.

Abstract: Embodiments provide methods for validating secure delivery of an IHS (Information Handling System) by confirming that the packages by which the IHS was delivered include only the packages used to ship the IHS from a factory or other trusted entity. During factory provisioning of the IHS, a shipping certificate is uploaded to the IHS, where the certificate includes shipping identifiers that are each associated with a package used to ship the IHS. Upon receiving packages by which the IHS has been shipped, shipping identifiers, such as bar codes and RFID codes, are collected from the received packages. The shipping identifiers collected from the received packages are compared against the shipping identifiers from the shipping certificate in order to validate the plurality of received packages as the same packages that were used to ship the IHS.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned firmware. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying firmware for use in the operation of the IHS. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of firmware used by hardware components of the IHS is then collected. The validation process compares the collected inventory of firmware against the inventory of factory-provisioned firmware from the inventory certificate in order to validate the IHS is operating using only factory-provisioned firmware. A validation failure is signaled when the comparison indicates that a hardware component is not operating using the factory-provisioned firmware specified in the inventory certificate.

Abstract: Various embodiments provide methods for validating hardware modifications of an IHS (Information Handling System) by confirming that a hardware modification corresponds to a hardware component supplied for installation in the IHS by a trusted entity. During factory provisioning of an IHS, an inventory certificate that specifies the factory installed IHS hardware is uploaded to the IHS and is also stored for ongoing support of the IHS. Upon a hardware component being supplied for installation in the IHS by a trusted entity, the inventory of the stored inventory certificate is updated to identify the supplied component and the updated certificate is transmitted to the IHS. An inventory of detected hardware components of the IHS is compared against the inventory from the updated inventory certificate in order to validate the detected hardware of the IHS includes the component, supplied by the trusted entity, that is identified in the updated inventory certificate.

Abstract: An information handling system includes a memory and a basic input/output system (BIOS). The memory stores a lookup table to associate each of a plurality of device firmware hashes with a corresponding one of a plurality of device identification strings. The BIOS calculates the each of the device firmware hashes. Each device firmware hash is associated with a different device firmware. The BIOS creates the lookup table based on the calculated device firmware hashes and the device identification strings. Based on the lookup table, the BIOS displays a secure boot allowed devices database list on a display device.

Abstract: An information handling system includes a memory and a baseboard management controller (BMC). The memory stores a secure boot policy for multiple input/output (I/O) devices in the information handling system. The BMC extracts a new firmware hash value from a firmware update package. The new firmware hash value is associated with a new firmware image of a first I/O device of the I/O devices. The BMC performs a firmware update for the first I/O device. In response to the firmware update being successfully completed, the BMC replaces an old firmware hash value with the new firmware hash value in the secure boot policy.

Abstract: An information handling system includes a memory, a baseboard management controller (BMC), and a basic input/output system (BIOS). The memory stores a secure boot policy for a plurality of input/output (I/O) devices in the information handling system. The BMC performs a firmware update for a first I/O device of the I/O devices. In response to the firmware update being completed successfully, the BMC creates a system management task. During a next boot after the creation of the system management task, the BIOS detects the system management task. The BIOS calculates a new hash value for a firmware image of the firmware update. The BIOS replaces a previous hash value with the new hash value in the secure boot policy.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.

Abstract: Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.

Abstract: Various embodiments provide methods for validating hardware modifications of an IHS (Information Handling System) by confirming that a hardware modification corresponds to a hardware component supplied for installation in the IHS by a trusted entity. During factory provisioning of an IHS, an inventory certificate that specifies the factory installed IHS hardware is uploaded to the IHS and is also stored for ongoing support of the IHS. Upon a hardware component being supplied for installation in the IHS by a trusted entity, the inventory of the stored inventory certificate is updated to identify the supplied component and the updated certificate is transmitted to the IHS. An inventory of detected hardware components of the IHS is compared against the inventory from the updated inventory certificate in order to validate the detected hardware of the IHS includes the component, supplied by the trusted entity, that is identified in the updated inventory certificate.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes instructions for executing a bootloader to verify an integrity of a first firmware stack, and boot the first firmware stack on a first processor. Once booted, the first firmware stack verifies the integrity of a first code segment on a second processor that is also used to execute a custom BMC firmware stack. The first code segment is executed to verify the integrity of one or more vendor supplied code segments executed on the second processor.

Abstract: Systems and methods provide validation of hardware components of an IHS (Information Handling System). An attestation certificate stored to the IHS specifies authenticated instructions for operation of a hardware component of the IHS. This attestation certificate is endorsed by a self-signed root attestation certificate. An identity certificate, also stored to the IHS, specifies an identity of the hardware component and is endorsed using an embedded keypair of the hardware component. The root attestation certificate is validated to ensure it corresponds to the hardware component specified in the identity certificate, where this validation confirms that a public key included in the identity certificate is identical to a public key included in the attestation certificate.

Abstract: In general, embodiments of the invention relate to implementing a secure boot process in information handling systems that supports both an external root of trust (eRoT) and an internal root of trust (RoT). Further, embodiments of the invention relate to binding a management controller to a specific chassis and, in the case where the eRoT is used, to an eRoT. When the management controller and the chassis are provisioned according to one or more embodiments of the invention, security checks may be performed by management controller executing an initial program loader (IPL) using the aforementioned bindings. If the bindings are not present or do not match, then the boot process halts and the user is unable to use the information handling system.

Abstract: Systems and methods are provided for customer validation of hardware of an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that identifies factory installed components of the IHS. Upon deployment of the IHS, a customer issues a request for hardware validation, such as via an API exposed by a trusted component of the IHS. The IHS generates a certificate signing request (CSR) that specifies factory-installed hardware components of the IHS. The CSR is transmitted to the customer for use in generating an inventory certificate signed by a certificate authority that is selected by the customer. The customer's signed inventory certificate is stored to the IHS and used in validating some or all of the hardware of the IHS by comparing detected hardware components of the IHS against the inventory specified in the inventory certificate received from the customer.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned firmware. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying firmware for use in the operation of the IHS. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of firmware used by hardware components of the IHS is then collected. The validation process compares the collected inventory of firmware against the inventory of factory-provisioned firmware from the inventory certificate in order to validate the IHS is operating using only factory-provisioned firmware. A validation failure is signaled when the comparison indicates that a hardware component is not operating using the factory-provisioned firmware specified in the inventory certificate.

Abstract: Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.

Abstract: Systems and procedures are provided for enforcing geographic restrictions on the operation of an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that specifies a plurality of allowed geographic locations at which the IHS is operational. Upon delivery and initial powering of the IHS, a validation environment is instantiated and further initialization of the IHS is halted until a location of the IHS can be determined. Once a geographic location of the IHS has been determined, it is compared to the allowed geographic locations from the inventory certificate stored during factory provisioning. When the location of the IHS is not at an allowed geographic location specified in the inventory certificate, the IHS is rendered non-operational. When the location of the IHS is at an allowed geographic location specified in the inventory certificate, further initialization of the IHS is enabled.