Abstract: An information handling system includes a baseboard management controller and a media controller. The baseboard management controller includes a memory, and an immutable attribute of the baseboard management controller is fused in the memory during a factory process of the information handling system. The baseboard management controller generates a first seed value based on the immutable attribute, generates a first key value based on the first seed value, and provides the first key value. The media controller includes a secure memory and a processor. The processor receives the first key value from the baseboard management controller, and stores, during the factory process, the first key value in the secure memory. The first key value cryptographically links the secure memory to the baseboard management controller.

Abstract: An information handling system may include a circuit board; a processor disposed on the circuit board, wherein the processor includes a media access control (MAC) address and a hidden root key (HRK) encoded therein; and a memory not disposed on the circuit board. The information handling system may be configured to: determine a customer public key (CPK); create a data structure comprising the CPK and the MAC address; encrypt the data structure using the HRK to generate an encrypted structure; and store the encrypted structure in the memory.

Abstract: An information handling system may include a circuit board; a processor disposed on the circuit board, wherein the processor includes a media access control (MAC) address and a hidden root key (HRK) encoded therein; and a memory not disposed on the circuit board. The information handling system may be configured to: determine a customer public key (CPK); create a data structure comprising the CPK and the MAC address; encrypt the data structure using the HRK to generate an encrypted structure; and store the encrypted structure in the memory.

Abstract: An information handling system includes an endpoint device and a service processor. The endpoint device is configured to share a passphrase with the service processor via shared memory architecture transfer mechanism. The service processor is configured generate the sent hash of a message; encrypt the message, the sent hash, and the nonce value using the passphrase to form an encrypted message; and transmit the encrypted message to the endpoint device over a sideband interface. The storage controller is further configured to decrypt the encrypted message using the passphrase to obtain the message, the sent hash, and the nonce value; compare the nonce value to a counter to determine if the nonce value is an old nonce value; calculate an observed hash of the message; and accept the message when the nonce value is not an old nonce value and the observed hash matches the received hash.

Abstract: An information handling system includes a baseboard management controller and a media controller. The baseboard management controller includes a memory, and an immutable attribute of the baseboard management controller is fused in the memory during a factory process of the information handling system. The baseboard management controller generates a first seed value based on the immutable attribute, generates a first key value based on the first seed value, and provides the first key value. The media controller includes a secure memory and a processor. The processor receives the first key value from the baseboard management controller, and stores, during the factory process, the first key value in the secure memory. The first key value cryptographically links the secure memory to the baseboard management controller.

Abstract: An information handling system includes an endpoint device and a service processor. The endpoint device is configured to share a passphrase with the service processor via shared memory architecture transfer mechanism. The service processor is configured generate the sent hash of a message; encrypt the message, the sent hash, and the nonce value using the passphrase to form an encrypted message; and transmit the encrypted message to the endpoint device over a sideband interface. The storage controller is further configured to decrypt the encrypted message using the passphrase to obtain the message, the sent hash, and the nonce value; compare the nonce value to a counter to determine if the nonce value is an old nonce value; calculate an observed hash of the message; and accept the message when the nonce value is not an old nonce value and the observed hash matches the received hash.

Abstract: A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption.

Abstract: A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption.

Abstract: A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption.

Abstract: A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption.